Subj : Chinese hackers hit Taiwa
To   : All
From : Mike Powell
Date : Fri Jul 18 2025 10:17 am

Chinese hackers hit Taiwan semiconductor manufacturing in spear phishing
campaign

Date:
Thu, 17 Jul 2025 19:33:00 +0000

Description:
At least three groups were targeting different organizations in the same
industry.

FULL STORY

Multiple Chinese state-sponsored threat actors have been coordinating attacks
on the Taiwanese semiconductor industry, hitting manufacturing, supply chain,
and financial investment analysis firms across the country.

This is according to cybersecurity researchers Proofpoint, who claim to have
observed at least three different groups participating in the campaign.

The groups are tracked as UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp.
Sometimes, different security vendors label the same groups differently, but
these seem to be new entrants in the cybercriminal world.

A fourth player

Their tactics, techniques, and procedures (TTPs) are somewhat different from
what was observed in the past, leading the researchers to believe that these
are new groups.

The attacks occurred between March and June this year, and targeted
"organizations involved in the manufacturing, design, and testing of
semiconductors and integrated circuits, wider equipment and services supply
chain entities within this sector, as well as financial investment analysts
specializing in the Taiwanese semiconductor market," Proofpoint said.

The groups use different tools and tactics. Most of the time, initial contact
is achieved via phishing emails, but the malware and the way it is
delivered vary from group to group. Among the tools used in this campaign
are Cobalt Strike, Voldemort (a C-based custom backdoor), and HealthKick (a
backdoor that can run commands), among others.

Proofpoint also mentioned a fourth group, called UNK_ColtCentury (AKA TAG-100
and Storm-2077), which tried to build rapport with their victims before
trying to infect them with malware. This group was looking to deploy a Remote
Access Trojan (RAT) called Spark.

"This activity likely reflects China's strategic priority to achieve
semiconductor self-sufficiency and decrease reliance on international supply
chains and technologies, particularly in light of U.S. and Taiwanese export
controls," the researchers explained.

"These emerging threat actors continue to exhibit long-standing targeting
patterns consistent with Chinese state interests, as well as TTPs and custom
capabilities historically associated with China-aligned cyber espionage
operations."

China has been vocal about reclaiming Taiwan for years now and has, on
numerous occasions, conducted military exercises in close proximity to the
island nation.

Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/chinese-hackers-hit-taiwan-semiconductor-manufacturing-in-spear-phishing-campaign

--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)