Chinese-linked hackers have intensified cyber-espionage efforts against Taiwan’s semiconductor industry and financial analysts, conducting coordinated attacks between March and June 2025, with some operations still ongoing. Reuters reports that cybersecurity firm Proofpoint has attributed the activity to at least three previously undocumented China-aligned groups—UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp—while a fourth group, UNK_ColtCentury (also tracked as TAG-100 or Storm-2077), attempted to build trust with its targets before deploying a remote access trojan (RAT) known as Spark.
These attacks are believed to be part of Beijing’s long-term push for semiconductor self-sufficiency, driven by U.S. export restrictions and Taiwan’s dominance in advanced chip manufacturing. The hackers have focused on organizations involved in semiconductor design, manufacturing, testing, and supply chains, as well as investment analysts tracking Taiwan’s semiconductor sector.
TeamT5, a Taiwanese cybersecurity firm, has reported an uptick in email-based threats aimed at Taiwan’s semiconductor industry. According to Reuters, the firm has noted that attackers often exploit weaker defenses in smaller suppliers and related industries to gain a foothold. In June, for example, a China-linked group known as Amoeba launched a phishing campaign against a chemical company critical to the semiconductor supply chain. This strategy of targeting peripheral (secondary) sectors—such as raw materials, logistics, or consulting—underscores a broader effort to compromise the supply chain by exploiting its less-protected edges.
The scope and scale of these campaigns underscore the growing geopolitical tension around Taiwan’s semiconductor dominance. Proofpoint researchers, including threat expert Mark Kelly, have warned that entities not previously on the radar are now being singled out. In late 2023, it was discovered that the Chimera group breached Europe’s NXP—the continent’s largest chipmaker—remaining undetected for over two years and stole sensitive chip design IP. Kelly noted that attackers sometimes sent just one or two highly targeted emails, while other campaigns involved as many as 80 emails to infiltrate entire organizations.
China’s embassy in Washington responded to the reports by reiterating that cyberattacks are a global issue and that China “firmly opposes and combats all forms of cybercrime”. Earlier this year, it was reported that the U.S. Treasury was broken into, and the government discovered Chinese hackers targeting Guam's critical infrastructure. As such, these operations show clear alignment with Chinese state interests, as the targeting, tools, and tactics bear the hallmarks of China-linked cyber-espionage groups. With the Taiwanese semiconductor industry sitting at the heart of the global chip supply chain—and with ongoing export control measures from the U.S.—the sector remains one of the most valuable intelligence targets in the world.
Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
