Investment banks in the crosshairs: A second group, UNK_DropPitch, targeted the financial ecosystem surrounding Taiwan’s semiconductor industry. This group conducted phishing campaigns against investment banks, focusing on individuals specializing in Taiwanese semiconductor analysis. The phishing emails purported to come from fictitious financial firms seeking collaboration opportunities. The third group, UNK_SparkyCarp, focused on credential harvesting through sophisticated phishing kits using custom adversary-in-the-middle frameworks targeting Taiwanese semiconductor companies, with emails masquerading as account login security warnings. The targeting pattern reveals China’s comprehensive approach to intelligence gathering. Rawat noted that the espionage focus extends beyond traditional chipmakers to include “testing firms, supply chain players, and even financial analysts, indicating a broad attempt to map the full value chain and anticipate market dynamics.” This represents what Saify described as cyber operations becoming “a force multiplier, used to shortcut R&D cycles, replicate advanced fabrication processes, and undermine competitors.”
Geopolitical technology competition: The intensified targeting reflects escalating US-China tech rivalry. “There is a tech ‘cold war’ going on between the US and China that has escalated with all the export controls barring China from accessing semiconductors,” said Neil Shah, VP for Research at Counterpoint Research. “Both nations want to be self-sufficient, as semiconductors are the new crude with AI the new oil.” The Biden administration has imposed sweeping export controls on China’s access to advanced semiconductors and chip-making equipment, creating significant pressure on China to develop domestic alternatives or acquire foreign technology through other means. Kelly noted that “the activity aligns with China’s long-term objectives for semiconductor self-sufficiency which have likely been further fuelled by international export controls.” The attacks weren’t concentrated in any particular region, spanning across Taiwan.
Enterprise security recommendations: Security experts emphasize that semiconductor companies must fundamentally rethink their cybersecurity approaches. “Firms in the semiconductor industry must recognize that they are now on the frontlines of geopolitical cyber warfare,” Saify said. Rawat recommended that companies “evolve from traditional compliance-based cybersecurity to proactive, intelligence-driven defense.” He particularly emphasized heightened vigilance in monitoring insider threats and HR platforms, which are being exploited through employment-themed phishing campaigns. Key defensive measures include closing the gap between IT and operational technology security, strengthening software supply chain security, and actively participating in intelligence-sharing networks with government agencies and industry peers. Despite the sophisticated nature of these campaigns, early detection helped limit their impact. “Proofpoint notified all targeted organizations of this activity, and we are not aware of any compromise as a result of these campaigns,” Kelly said. However, the threat remains active and evolving. Kelly noted that Proofpoint considers the threat “ongoing at this time.” The semiconductor industry now finds itself at the center of a broader digital battleground where, as Shah puts it, “Taiwan unfortunately finds itself right in the middle of this battle.” As export controls and technological competition intensify, cybersecurity professionals expect these sophisticated espionage campaigns to continue evolving in both scope and sophistication.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4024013/china-linked-hackers-target-taiwan-chip-firms-in-a-coordinated-espionage-campaign.html

