
Latest news with #China-aligned

Cyber Espionage Surge Hits Taiwan's Semiconductor Sector, Analysts Warn

International Business Times

2 days ago


July 17, 2025 22:44 +08

Chinese-linked hacking groups have escalated targeted cyber espionage efforts against Taiwan's semiconductor companies and financial analysts, according to cybersecurity firm Proofpoint. The attacks, mostly between March and June, were conducted by at least three China-aligned groups and are believed to still be active.

Proofpoint said previously untouched organizations are now being targeted, signaling a broadening strategy by these advanced hacking operators. While they did not disclose specific names, the victims ranged from small firms to multinational companies and investment analysts—including some at a U.S.-based global bank.

The campaigns coincide with growing U.S. restrictions on chip exports to China, pushing Beijing to seek alternative access to semiconductor technology, especially for artificial intelligence applications. Taiwan, home to leading firms like TSMC, MediaTek, UMC, Nanya, and RealTek, remains a global chipmaking powerhouse. TSMC declined to comment; the others did not respond to Reuters' inquiries.

One hacking group used spoofed university email accounts to pose as job seekers, sending infected files to companies in the semiconductor supply chain. Another posed as a fake investment firm to lure analysts with malware-laced documents. Attack volumes ranged from a handful of emails to as many as 80 per campaign.

Taiwanese cybersecurity firm TeamT5 confirmed a spike in email-based targeting but described it as selective rather than widespread. It said Chinese hackers often target peripheral suppliers, citing a June attack on a chemical firm critical to chip manufacturing.

The Chinese embassy in Washington denied involvement, stating that China opposes all forms of cyberattacks. The FBI declined to comment.

China-linked hackers target Taiwan's chip industry with increasing attacks, researchers say

Time of India

2 days ago


By AJ Vicens

Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on Wednesday.

While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cybersecurity firm Proofpoint said in a new analysis.

"We've seen entities that we hadn't ever seen being targeted in the past being targeted," said Mark Kelly, a threat researcher focused on Chinese-related threats at Proofpoint.

The previously unreported hacking campaigns were carried out by at least three distinct Chinese-linked groups primarily between March and June of this year, with some activity likely ongoing, Proofpoint said. They come amid rising restrictions by Washington on exports to China of U.S.-designed chips that are often manufactured in Taiwan. China's chip industry has been working to replace its dwindling supply of sophisticated U.S. chips, especially those used in artificial intelligence.

The researchers declined to identify the hacking targets, but told Reuters that approximately 15 to 20 organizations ranging from small businesses, analysts employed by at least one U.S.-headquartered international bank, and large global enterprises faced attacks.

Major Taiwanese semiconductor firms include Taiwan Semiconductor Manufacturing Co, MediaTek, United Microelectronics Corp, Nanya Technology and RealTek Semiconductor. TSMC declined to comment. MediaTek, UMC, Nanya and RealTek did not respond to requests for comment. Reuters was unable to identify the specific hacking targets or determine whether any of the efforts were successful.

A spokesperson for the Chinese embassy in Washington told Reuters in an email that cyber attacks "are a common threat faced by all countries, China included," and that the Asian country "firmly opposes and combats all forms of cyber attacks and cyber crime - a position that is consistent and clear."

The activity ranged from one or two emails sent as part of the more targeted campaign focused on specific people, to as many as 80 emails when trying to gain information from the company at large, Kelly said.

One group targeted semiconductor design, manufacturing and supply-chain organizations using compromised Taiwanese university email accounts to pose as job seekers and send malware via PDFs with URLs leading to malicious files, or a password-protected archive.

Another targeted financial analysts at major unnamed investment firms focused on the Taiwanese semiconductor industry by posing as a fictitious investment firm and seeking collaboration. Two of the entities are based in Asia, while the third is based in the U.S. The FBI declined to comment.

A representative of TeamT5, a cybersecurity firm based in Taiwan, told Reuters that it had also seen an increase in emails being sent targeting the semiconductor industry tied to a few hacking groups, "but not a wide or general phenomenon."

Targeting of semiconductors and the supply chain around them "is a persistent threat that has existed for long," the representative said, and a "constant interest" for Chinese-related advanced hacking operators.

These groups often target "peripheral suppliers or related industries," the representative said, such as a situation in June where a China-linked hacking group identified by TeamT5 as "Amoeba" launched a phishing campaign against an unnamed chemical company that plays a critical role in the semiconductor supply chain.

China-linked hackers target Taiwan's chip industry with increasing attacks, researchers say

The Hindu

2 days ago


Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on Wednesday.

While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cybersecurity firm Proofpoint said in a new analysis.

'We've seen entities that we hadn't ever seen being targeted in the past being targeted,' said Mark Kelly, a threat researcher focused on Chinese-related threats at Proofpoint.

The previously unreported hacking campaigns were carried out by at least three distinct Chinese-linked groups primarily between March and June of this year, with some activity likely ongoing, Proofpoint said. They come amid rising restrictions by Washington on exports to China of U.S.-designed chips that are often manufactured in Taiwan. China's chip industry has been working to replace its dwindling supply of sophisticated U.S. chips, especially those used in artificial intelligence.

The researchers declined to identify the hacking targets, but told Reuters that approximately 15 to 20 organisations ranging from small businesses, analysts employed by at least one U.S.-headquartered international bank, and large global enterprises faced attacks.

Major Taiwanese semiconductor firms include Taiwan Semiconductor Manufacturing Co, MediaTek, United Microelectronics Corp, Nanya Technology and RealTek Semiconductor. TSMC declined to comment. MediaTek, UMC, Nanya and RealTek did not respond to requests for comment. Reuters was unable to identify the specific hacking targets or determine whether any of the efforts were successful.

A spokesperson for the Chinese embassy in Washington told Reuters in an email that cyber attacks 'are a common threat faced by all countries, China included,' and that the Asian country 'firmly opposes and combats all forms of cyber attacks and cyber crime — a position that is consistent and clear.'

The activity ranged from one or two emails sent as part of the more targeted campaign focused on specific people, to as many as 80 emails when trying to gain information from the company at large, Kelly said.

One group targeted semiconductor design, manufacturing and supply-chain organisations using compromised Taiwanese university email accounts to pose as job seekers and send malware via PDFs with URLs leading to malicious files, or a password-protected archive.

Another targeted financial analysts at major unnamed investment firms focused on the Taiwanese semiconductor industry by posing as a fictitious investment firm and seeking collaboration. Two of the entities are based in Asia, while the third is based in the U.S. The FBI declined to comment.

A representative of TeamT5, a cybersecurity firm based in Taiwan, told Reuters that it had also seen an increase in emails being sent targeting the semiconductor industry tied to a few hacking groups, 'but not a wide or general phenomenon.'

Targeting of semiconductors and the supply chain around them 'is a persistent threat that has existed for long,' the representative said, and a 'constant interest' for Chinese-related advanced hacking operators.

These groups often target 'peripheral suppliers or related industries,' the representative said, such as a situation in June where a China-linked hacking group identified by TeamT5 as 'Amoeba' launched a phishing campaign against an unnamed chemical company that plays a critical role in the semiconductor supply chain.

China-linked hackers target Taiwan's chip industry with increasing attacks, researchers say

Straits Times

3 days ago


The previously unreported hacking campaigns were carried out by at least three distinct Chinese-linked groups primarily between March and June of 2025.

TAIPEI - Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers said on July 16.

While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cybersecurity firm Proofpoint said in a new analysis.

'We've seen entities that we hadn't ever seen being targeted in the past being targeted,' said Mr Mark Kelly, a threat researcher focused on Chinese-related threats at Proofpoint.

The previously unreported hacking campaigns were carried out by at least three distinct Chinese-linked groups primarily between March and June of 2025, with some activity likely ongoing, Proofpoint said. They come amid rising restrictions by Washington on exports to China of US-designed chips that are often manufactured in Taiwan. China's chip industry has been working to replace its dwindling supply of sophisticated US chips, especially those used in artificial intelligence.

The researchers declined to identify the hacking targets, but told Reuters that approximately 15 to 20 organisations ranging from small businesses, analysts employed by at least one US-headquartered international bank, and large global enterprises faced attacks.

Major Taiwanese semiconductor firms include Taiwan Semiconductor Manufacturing Co, MediaTek, United Microelectronics Corp, Nanya Technology and RealTek Semiconductor. TSMC declined to comment. MediaTek, UMC, Nanya and RealTek did not respond to requests for comment. Reuters was unable to identify the specific hacking targets or determine whether any of the efforts were successful.

A spokesperson for the Chinese embassy in Washington told Reuters in an email that cyber attacks 'are a common threat faced by all countries, China included', and that the Asian country 'firmly opposes and combats all forms of cyber attacks and cyber crime – a position that is consistent and clear'.

The activity ranged from one or two emails sent as part of the more targeted campaign focused on specific people, to as many as 80 emails when trying to gain information from the company at large, Mr Kelly said.

One group targeted semiconductor design, manufacturing and supply-chain organisations using compromised Taiwanese university email accounts to pose as job seekers and send malware via PDFs with URLs leading to malicious files, or a password-protected archive.

Another targeted financial analysts at major unnamed investment firms focused on the Taiwanese semiconductor industry by posing as a fictitious investment firm and seeking collaboration. Two of the entities are based in Asia, while the third is based in the US. The FBI declined to comment.

A representative of TeamT5, a cybersecurity firm based in Taiwan, told Reuters that it had also seen an increase in emails being sent targeting the semiconductor industry tied to a few hacking groups, 'but not a wide or general phenomenon'.

Targeting of semiconductors and the supply chain around them 'is a persistent threat that has existed for long,' the representative said, and a 'constant interest' for Chinese-related advanced hacking operators.

These groups often target 'peripheral suppliers or related industries', the representative said, such as a situation in June where a China-linked hacking group identified by TeamT5 as 'Amoeba' launched a phishing campaign against an unnamed chemical company that plays a critical role in the semiconductor supply chain.

REUTERS

ESET Research APT Report: Russian cyberattacks in Ukraine intensify; Sandworm unleashes new destructive wiper

Mid East Info

22-05-2025


  • ESET has released its latest advanced persistent threat (APT) report.
  • Russian APT groups intensified attacks against Ukraine and the EU, exploiting zero-day vulnerabilities and deploying wipers.
  • China-aligned groups like Mustang Panda and DigitalRecyclers continued their espionage campaigns targeting the EU government and maritime sectors.
  • North Korea-aligned groups expanded their financially motivated campaigns using fake job listings and social engineering.

ESET Research has released its latest APT Activity Report, which highlights activities of select APT groups that were documented by ESET researchers from October 2024 through March 2025. During the monitored period, Russia-aligned threat actors, notably Sednit and Gamaredon, maintained aggressive campaigns primarily targeting Ukraine and EU countries. Ukraine was subjected to the greatest intensity of cyberattacks against the country's critical infrastructure and governmental institutions. The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. China-aligned threat actors continued engaging in persistent espionage campaigns with a focus on European organizations.

Gamaredon remained the most prolific actor targeting Ukraine, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. 'The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations,' says ESET Director of Threat Research Jean-Ian Boutin.

Sednit refined its exploitation of cross-site scripting vulnerabilities in webmail services, expanding Operation RoundPress from Roundcube to include Horde, MDaemon, and Zimbra. ESET discovered that the group successfully leveraged a zero-day vulnerability in MDaemon Email Server (CVE-2024-11182) against Ukrainian companies. Several Sednit attacks against defense companies located in Bulgaria and Ukraine used spearphishing email campaigns as a lure. Another Russia-aligned group, RomCom, demonstrated advanced capabilities by deploying zero-day exploits against Mozilla Firefox (CVE-2024-9680) and Microsoft Windows (CVE-2024-49039).

In Asia, China-aligned APT groups continued their campaigns against governmental and academic institutions. At the same time, North Korea-aligned threat actors significantly increased their operations directed at South Korea, placing particular emphasis on individuals, private companies, embassies, and diplomatic personnel. Mustang Panda remained the most active, targeting governmental institutions and maritime transportation companies via Korplug loaders and malicious USB drives. DigitalRecyclers continued targeting EU governmental entities, employing the KMA VPN anonymization network and deploying the RClient, HydroRShell, and GiftBox backdoors. PerplexedGoblin used its new espionage backdoor, which ESET named NanoSlate, against a Central European government entity, while Webworm targeted a Serbian government organization using SoftEther VPN, emphasizing the continued popularity of this tool among China-aligned groups.

Elsewhere in Asia, North Korea-aligned threat actors were particularly active in financially motivated campaigns. DeceptiveDevelopment significantly broadened its targeting, using fake job listings primarily within the cryptocurrency, blockchain, and finance sectors. The group employed innovative social engineering techniques to distribute the multiplatform WeaselStore malware. The Bybit cryptocurrency theft, attributed by the FBI to TraderTraitor APT group, involved a supply-chain compromise of Safe{Wallet} that caused losses of approximately USD 1.5 billion. Meanwhile, other North Korea-aligned groups saw fluctuations in their operational tempo: In early 2025, Kimsuky and Konni returned to their usual activity levels after a noticeable decline at the end of 2024, shifting their targeting away from English-speaking think tanks, NGOs, and North Korea experts to focus primarily on South Korean entities and diplomatic personnel; and Andariel resurfaced, after a year of inactivity, with a sophisticated attack against a South Korean industrial software company.

Iran-aligned APT groups maintained their primary focus on the Middle East region, predominantly targeting governmental organizations and entities within the manufacturing and engineering sectors in Israel. Additionally, ESET observed a significant global uptick in cyberattacks against technology companies, largely attributed to increased activity by North Korea-aligned DeceptiveDevelopment.

'The highlighted operations are representative of the broader threat landscape that we investigated during this period. They illustrate the key trends and developments, and contain only a small fraction of the cybersecurity intelligence data provided to customers of ESET APT reports,' adds Boutin.

Intelligence shared in the private reports is primarily based on proprietary ESET telemetry data and has been verified by ESET researchers, who prepare in-depth technical reports and frequent activity updates detailing activities of specific APT groups. These threat intelligence analyses, known as ESET APT Reports PREMIUM, assist organizations tasked with protecting citizens, critical national infrastructure, and high-value assets from criminal and nation-state-directed cyberattacks. More information about ESET APT Reports PREMIUM and its delivery of high-quality, actionable tactical and strategic cybersecurity threat intelligence is available at the ESET Threat Intelligence page.

Make sure to follow ESET Research on Twitter (today known as X), BlueSky, and Mastodon for the latest news from ESET Research.

About ESET

ESET® provides cutting-edge digital security to prevent attacks before they happen. By combining the power of AI and human expertise, ESET stays ahead of emerging global cyberthreats, both known and unknown—securing businesses, critical infrastructure, and individuals. Whether it's endpoint, cloud or mobile protection, our AI-native, cloud-first solutions and services remain highly effective and easy to use. ESET technology includes robust detection and response, ultra-secure encryption, and multifactor authentication. With 24/7 real-time defense and strong local support, we keep users safe and businesses running without interruption. The ever-evolving digital landscape demands a progressive approach to security: ESET is committed to world-class research and powerful threat intelligence, backed by R&D centers and a strong global partner network. For more information, visit or follow our social media, podcasts and blogs.
