Chinese hackers launching attacks on semiconductor sector
In a coordinated effort, at least three Chinese state-sponsored threat groups—UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp—have been targeting Taiwan's semiconductor design, manufacturing, supply chain, and financial firms since March 2025. The groups have reportedly focused on approximately 15 to 20 medium to large corporations in the sector, including semiconductor design, manufacturing, testing, and supply chain services, as well as financial investment analysts specializing in the Taiwanese semiconductor market.
The hackers have primarily used spear-phishing campaigns as their attack vector, sending malicious emails that appear legitimate. These emails often impersonate graduate students reaching out to recruitment or HR personnel or pose as investment firms targeting sector analysts. The emails contain malware such as Cobalt Strike and custom C-based backdoors called "Voldemort," which are used to extract sensitive information and advance espionage objectives aligned with China’s semiconductor ambitions.
Notably, some of these attacks have leveraged compromised Taiwanese university email accounts to infiltrate industry targets. Major Taiwanese semiconductor firms like TSMC, MediaTek, United Microelectronics, Nanya Technology, and RealTek Semiconductor have not publicly commented on these attacks, but the impact on the sector is significant given the prominence of these firms in the global semiconductor supply chain.
The hacking campaigns have run for several months, and activity is likely still ongoing. The targeted organizations include semiconductor manufacturers, semiconductor design and testing firms, supply chain entities linked to semiconductor equipment and services, and financial investment firms and analysts specializing in the sector.
Researchers have declined to identify the specific hacking targets, but Taiwan-based cybersecurity firm TeamT5 has reported an increase in emails targeting the semiconductor industry, tied to a few hacking groups. The FBI has also declined to comment on the hacking campaigns.
The timing of these attacks appears to align with China's strategic goal of building semiconductor self-sufficiency. The hacking aims to steal data and information about the semiconductor industry, with one group posing as a fictitious investment firm and seeking collaboration with two entities based in Asia and one based in the US.
This targeted hacking of the Taiwanese semiconductor industry and investment analysts is part of a persistent, long-standing threat. China-linked advanced hacking operators have a constant interest in targeting peripheral suppliers and related industries, making it crucial for these sectors to remain vigilant against cyber threats.
Cybersecurity researchers have observed an increase in targeted attacks on both the semiconductor industry and financial institutions in Taiwan since March 2025. These attacks, allegedly orchestrated by at least three Chinese state-sponsored threat groups, have deployed malware like Cobalt Strike and custom C-based backdoors named "Voldemort," aiming to extract sensitive information and further China's semiconductor ambitions in finance and technology.