China-affiliated hackers step up cyber assaults on Taiwan's semiconductor industry, according to experts.
A series of sophisticated cyber-espionage campaigns has reportedly targeted the Taiwanese semiconductor industry and related investment analysts. The campaigns, primarily linked to Chinese state-sponsored groups, were active between March and June this year.
Key affected companies and entities include major Taiwanese semiconductor manufacturers and designers such as Taiwan Semiconductor Manufacturing Company (TSMC), MediaTek, United Microelectronics Corp. (UMC), Nanya Technology, and RealTek Semiconductor. Testing facilities, supply chain partners, and financial analysts specializing in semiconductor market investments have also been in the crosshairs.
At least three distinct China-aligned state-sponsored groups have been identified by cybersecurity researchers. Notable among these are UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp. These groups have been using spear-phishing campaigns with employment-themed lures, fake collaboration proposals, and credential phishing as their central tactics. They also employ compromised academic email accounts to enhance credibility and bypass defenses, deploy custom malware families like Voldemort and HealthKick, and use advanced persistence mechanisms.
The campaigns appear designed for comprehensive intelligence gathering across the entire Taiwan semiconductor ecosystem, including technical manufacturing insights as well as intelligence on investment flows shaping the industry. This aligns with China’s broader strategic goal of semiconductor self-sufficiency and efforts to counteract export restrictions from the U.S. and others on advanced chip technologies crucial to artificial intelligence and other fields.
TSMC, the world's largest contract chipmaker, declined to comment on the hacking attempts. At least one of the targeted organizations is an international bank with a US headquarters. Two of these targeted entities are based in Asia, while the third is based in the US.
The FBI declined to comment on the matter, and several other companies, including MediaTek, UMC, Nanya, and RealTek, did not respond to requests for comment.
The ongoing cyber-espionage campaigns, primarily linked to Chinese state-sponsored groups, rely on spear-phishing and on custom malware families such as Voldemort and HealthKick to target key semiconductor manufacturers, testing facilities, and financial analysts. The goal of these campaigns seems to be comprehensive intelligence gathering within the Taiwan semiconductor ecosystem, covering both manufacturing technology insights and investment flows, in line with China's strategic goal of semiconductor self-sufficiency.