The global semiconductor industry, the backbone of modern technology, is under direct threat from **coordinated cyberattacks**. Recent reports from cyber security company Proofpoint reveal that hackers linked to China have been systematically targeting Taiwan's semiconductor industry, intensifying the already complex geopolitical chip war. These attacks, which took place between March and June 2025 and with some operations still ongoing, are attributed to sophisticated Chinese cyber-espionage groups.
A Proofpoint has identified at least three new groups aligned with China - UNK_FistBump, UNK_DropPitch e UNK_SparkyCarp - as well as a fourth group, UNK_ColtCentury (also known as TAG-100 or Storm-2077). The latter, for example, sought to establish trust with its targets before deploying a remote access trojan (RAT) called Spark. Understanding the scale and tactics of these cyberattacks is crucial to global technological security and the future of chip production.
Cybersecurity and geopolitical analysts believe that these attacks are part of Beijing's long-term strategy to achieve **self-sufficiency in semiconductors**. This ambitious measure is driven not only by the US export restrictionsbut also because of Taiwan's unquestionable dominance in the manufacture of advanced chips. The hackers concentrated their efforts on organizations involved in the semiconductor design, manufacturing, testing and supply chains.
In addition, investment analysts who monitor Taiwan's semiconductor sector were also targeted for financial and strategic insights. A Proofpoint estimates that between 15 and 20 organizations were affected, ranging from medium-sized companies to large global corporations, including analysts from at least one US-based international bank. Taiwan's main chip manufacturers, such as TSMC, MediaTek, UMC, Nanya and RealTekhave chosen not to comment publicly on the incidents, keeping secret which ones were successfully hacked. However, the main motivation behind these attacks was clearly cyber espionage, seeking critical information and intellectual property about chip production.
The sophistication and diversity of the cyberattack tactics employed by the China-linked groups reveal meticulous planning and advanced resources. Each group used different approaches to infiltrate their targets in Taiwan's chip industry:
The group UNK_FistBump launched spear-phishing from compromised email accounts at Taiwanese universities. They posed as job applicants and attached malicious files disguised as PDF CVs. If opened, these files triggered the deployment of Cobalt Strike beacons or a customized backdoor based, known as Voldemort. This malware has already been linked to attacks on more than 70 organizations globally, demonstrating the seriousness of the threat.
On the other hand, the group UNK_DropPitch targeted financial analysts at major investment firms. In this case, the hackers posed as employees of a fake investment company, providing malicious PDF links that downloaded ZIP files containing payloads based DLL files. Once executed, these malicious DLL files installed the HealthKick backdoor or established a reverse connection with servers controlled by the attackers, revealing an interest in financial and strategic data from the semiconductor sector.
The group UNK_SparkyCarp used a more classic, but still effective tactic: sending fake account security emails, directing victims to phishing as accshieldportal[.]com. This is, in fact, an old and widely used trick, with hackers using a customized tool to intercept and steal login credentials. All these tactics demonstrate the complexity and diversity of the cyber threats faced by the semiconductor supply chain.
A TeamT5a renowned Taiwanese cybersecurity company, has reported a significant increase in email threats targeting Taiwan's semiconductor industry. It is important to note that attackers often exploit weaker defenses in smaller suppliers and related sectors, targeting the supply chain as a whole. In June, for example, the Amoebaalso linked to China, led a campaign of phishing against a chemical company that is fundamental to the semiconductor supply chain. This strategy of attacking secondary sectors shows a comprehensive effort to compromise the entire production chain and gain the upper hand in the chip war.
Therefore, the scope and scale of these campaigns highlight the growing geopolitical tension around Taiwan's dominance in the semiconductor market, one of the epicenters of the global chip war. Entities that were not previously on hackers' radar are now prime targets. In February, China accused Taiwan of favoring the US. Later, in April, the US suggested that Taiwan set up servers for its companies in MexicoThis reflects the pressure on the sector.
American sanctions on China, like the one that caused billions in damage to the NVIDIAThis also contributes to the rise in tensions. However, it's not all American victories and accusations against China. US sanctions, for example, helped accelerate the semiconductor market in China. Even so, the tense situation is clear, with China stating that it would retaliate against Taiwan for placing the Huawei on a no-go list. All this underlines the complexity of the geopolitics of technology and the importance of **supply chain security**.
In light of the reports and investigations, the Chinese embassy in Washington has spoken out, reiterating that cyber attacks are a global problem. In this way, the country's official position was emphatically expressed:
"China firmly opposes and fights all forms of cybercrime," said an embassy representative.
This statement underscores China's official stance on the accusations. The source of this detailed information about the attacks and the analysis is Proofpoint, a renowned global cybersecurity company, which continues to monitor cyber threats in the sector.
To keep up to date with the latest news in the world of technology, hardware and the innovations shaping the future, check out our other related articles:
Intel may unify P and E cores in future Titan Lake generation [RUMOR]
English 
Portuguese