Chinese Hackers Intensify Cyber Attacks on Taiwan's Semiconductor Industry Amid Global Chip Tensions

Exclusive: China-linked hackers target Taiwan's chip industry with increasing attacks, researchers say

July 16 (Reuters) - Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on Wednesday. While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cybersecurity firm Proofpoint said in a new analysis, opens new tab. "We've seen entities that we hadn't ever seen being targeted in the past being targeted," said Mark Kelly, a threat researcher focused on Chinese-related threats at Proofpoint. The previously unreported hacking campaigns were carried out by at least three distinct Chinese-linked groups primarily between March and June of this year, with some activity likely ongoing, Proofpoint said. They come amid rising restrictions by Washington on exports to China of U.S.-designed chips that are often manufactured in Taiwan. China's chip industry has been working to replace its dwindling supply of sophisticated U.S. chips, especially those used in artificial intelligence. The researchers declined to identify the hacking targets, but told Reuters that approximately 15 to 20 organizations ranging from small businesses, analysts employed by at least one U.S.-headquartered international bank, and large global enterprises faced attacks. Major Taiwanese semiconductor firms include Taiwan Semiconductor Manufacturing Co (2330.TW), opens new tab, MediaTek (2454.TW), opens new tab, United Microelectronics Corp (2303.TW), opens new tab, Nanya Technology (2408.TW), opens new tab and RealTek Semiconductor (2379.TW), opens new tab. TSMC declined to comment. MediaTek, UMC, Nanya and RealTek did not respond to requests for comment. Reuters was unable to identify the specific hacking targets or determine whether any of the efforts were successful. A spokesperson for the Chinese embassy in Washington told Reuters in an email that cyber attacks "are a common threat faced by all countries, China included," and that the Asian country "firmly opposes and combats all forms of cyber attacks and cyber crime -- a position that is consistent and clear." The activity ranged from one or two emails sent as part of the more targeted campaign focused on specific people, to as many as 80 emails when trying to gain information from the company at large, Kelly said. One group targeted semiconductor design, manufacturing and supply-chain organizations using compromised Taiwanese university email accounts to pose as job seekers and send malware via PDFs with URLs leading to malicious files, or a password-protected archive. Another targeted financial analysts at major unnamed investment firms focused on the Taiwanese semiconductor industry by posing as a fictitious investment firm and seeking collaboration. Two of the entities are based in Asia, while the third is based in the U.S. The FBI declined to comment. A representative of TeamT5, a cybersecurity firm based in Taiwan, told Reuters that it had also seen an increase in emails being sent targeting the semiconductor industry tied to a few hacking groups, "but not a wide or general phenomenon." Targeting of semiconductors and the supply chain around them "is a persistent threat that has existed for long," the representative said, and a "constant interest" for Chinese-related advanced hacking operators. These groups often target "peripheral suppliers or related industries," the representative said, such as a situation in June where a China-linked hacking group identified by TeamT5 as "Amoeba" launched a phishing campaign against an unnamed chemical company that plays a critical role in the semiconductor supply chain. Reporting by AJ Vicens in Detroit; Editing by Chris Sanders and Matthew Lewis Our Standards: The Thomson Reuters Trust Principles., opens new tab * Suggested Topics: * Cybersecurity A.J. Vicens Thomson Reuters Cybersecurity correspondent covering cybercrime, nation-state threats, hacks, leaks and intelligence

Looks like the Taiwanese chip industry is becoming a hot target for Chinese state-sponsored hackers trying to nab trade secrets

Nothing brings to light the spookily anarchic nature of the international order more than cyber warfare. It's happening all the time, in that ethereal realm of bits and bytes -- poking, prodding, testing. We might picture this as state agencies tampering with other state agencies, but the reality is often far from it, as demonstrated by a recent report from cybersecurity company Proofpoint's Threat Research team (via Mynavi). This research shows how Chinese state-sponsored cyber attackers have been targeting the Taiwanese semiconductor industry. And this in itself, I'm sure, isn't exactly news, but Proofpoint explains that this has been at an "elevated level" over the past few months: "Despite public reporting on semiconductor targeting from China-aligned threat actors, Proofpoint directly observed only sporadic targeting of this sector. Since March 2025, this shifted to sightings of multiple campaigns from different China-aligned groups specifically targeting this sector, with a particular emphasis on Taiwanese entities." The cybersecurity company thinks these attacks are probably attempts at espionage aimed at beefing up its own tech: "This activity likely reflects China's strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains and technologies, particularly in light of US and Taiwanese export controls." This risk -- that if China is denied or restricted access to chips, it might look to develop its own competition -- isn't exactly an unfamiliar one. Nvidia CEO Jensen Huang, for one, has been banging the drum of the need to "accelerate the diffusion of American AI technology around the world" rather than block its adoption abroad. Only last week, he reportedly said that "the American tech stack should be the global standard, just as the American dollar is the standard by which every country builds on." So, it's certainly a familiar argument. And it's one that could even have had some weight in the recent decision to allow Nvidia to start selling H20 chips to China again. (And now I hear AMD might be joining the party, too? Boy, does the world of tech move fast.) On the other hand, none of that is strictly about semiconductors (Nvidia being a fabless enterprise, after all). And if we think tech export restrictions, tariffs, and other isolationist US strategies are at least part of what's led to big recent semiconductor investments in the US, then there might be reason to consider such espionage threats 'worth it', so to speak. Who knows what the bigwigs use to weigh up those risk calculations. Presumably, companies migrating to the US rather than Taiwan wouldn't do anything to stop these cyber attacks, though. The attacks in question targeted "organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market." They were primarily phishing attacks, some attempting to deliver a Cobalt Strike (this being a wide-spanning pentesting tool) or Voldemort backdoor (this being a "custom backdoor written in C") and another that attempted to tunnel data out and deploy a remote monitoring and management tool on targets "deemed of interest." Again, spooky stuff, but bear in mind these attacks, even if they were very targeted (ie, spear-phishing), were still phishing ones. Which means they require you to fall for them and download an email attachment, for instance. Though saying that, phishing attacks of this level of sophistication can be hard to spot -- Proofpoint explains that one attack actor "used compromised Taiwanese university email addresses to send their phishing email to recruitment and HR personnel." Thus we find the state of corporate espionage today. Except I guess this is state-sponsored corporate espionage, which is expected, given how intertwined with the state the corporate world is in China. Perhaps those H20s will keep the hunger for such espionage low. Somehow, I doubt it.

China-linked hackers seen targeting Taiwan's chip industry with increasing attacks

Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on Wednesday. While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cybersecurity firm Proofpoint said in a new analysis. "We've seen entities that we hadn't ever seen being targeted in the past being targeted," said Mark Kelly, a threat researcher focused on Chinese-related threats at Proofpoint. The previously unreported hacking campaigns were carried out by at least three distinct Chinese-linked groups primarily between March and June of this year, with some activity likely ongoing, Proofpoint said. They come amid rising restrictions by Washington on exports to China of U.S.-designed chips that are often manufactured in Taiwan. China's chip industry has been working to replace its dwindling supply of sophisticated U.S. chips, especially those used in artificial intelligence. The researchers declined to identify the hacking targets but said that approximately 15 to 20 organizations ranging from small businesses, analysts employed by at least one U.S.-headquartered international bank, and large global enterprises faced attacks.