In a worrying development, cybersecurity experts have found that hackers backed by China are increasingly targeting Taiwan’s semiconductor sector. These attacks happened between March and June 2025, and the goal was to steal sensitive data from chipmakers, financial analysts, and related companies in the tech supply chain.

A new report from cybersecurity firm Proofpoint highlights that at least three different China-linked hacking groups are involved. These groups, named UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp, are using very advanced techniques to break into networks and steal information.

What’s especially concerning is that these attacks aren’t random. The hackers are using phishing emails that look very professional and convincing. In many cases, they used compromised accounts from Taiwanese universities to make their emails look even more legitimate. Some emails pretended to come from job seekers, while others looked like financial reports from fake investment firms.

One of the most active groups, UNK_FistBump, focused on engineering and chip manufacturing companies. They sent phishing emails with fake resumes attached as ZIP or LNK files. If opened, these files launched a powerful tool called Cobalt Strike. In some cases, the malware also installed a custom-built loader called Voldemort, which quietly gave the hackers control over the system.

Another group, UNK_DropPitch, went after financial analysts who cover the semiconductor sector in Taiwan. They used PDFs in their emails that, when opened, triggered a DLL side-loading attack. This attack method dropped a backdoor called HealthKick, which allowed hackers to take screenshots, run commands, and spy on the victims’ activities.

The third group, UNK_SparkyCarp, used a sneakier method. They deployed phishing kits designed to trick employees into entering their login details on fake websites. This helped the attackers steal usernames and passwords without needing to install any malware.

All of these activities point to a larger strategy by China to gather economic and technological intelligence. Taiwan is a global leader in chipmaking, especially in advanced AI chips, so it’s no surprise that the industry is a high-value target. Experts believe this cyber espionage effort is part of China’s plan to reduce its reliance on foreign semiconductor technology and gain an edge in global tech competition.

The attacks affected around 15 to 20 organizations, including semiconductor firms, supply chain partners, and financial institutions. However, researchers say it’s still unclear how many of these attacks were successful or how much data may have been stolen.

The phishing emails were crafted carefully to avoid detection. Some looked like job applications with resumes attached. Others had password-protected files that seemed harmless at first. Once opened, though, the malware would silently install itself and begin stealing data or opening a backdoor for remote access.

Taiwan’s own cybersecurity community, including experts from TeamT5, has confirmed these findings. They said that although this wave of attacks isn’t yet “widespread,” it shows clear signs of being coordinated and persistent.

Security researchers are urging companies in the semiconductor sector to step up their defenses. They recommend extra training for employees to recognize phishing emails, better network monitoring to detect tools like Cobalt Strike, and strict policies around opening unknown attachments or links.
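
As an added illustration of the attachment policy recommended above (this code is not from Proofpoint or the original article), the Python below triages a ZIP attachment for the two lure traits described earlier: shortcut (LNK) files posing as resumes, and password-protected content that a scanner cannot inspect. The extension list, function names and in-memory sample archives are assumptions constructed for the example.

```python
import io
import zipfile

# Launchable file types: an assumption for this example, not from the Proofpoint report.
RISKY_EXTENSIONS = {".lnk", ".exe", ".dll", ".scr", ".js", ".vbs", ".hta", ".bat"}
DOCUMENT_SUFFIXES = (".pdf", ".doc", ".docx")


def triage_zip(data: bytes) -> list:
    """Return the reasons to quarantine a ZIP attachment (empty list: none found)."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not a readable ZIP archive"]
    reasons = []
    with archive:
        for info in archive.infolist():
            stem, dot, ext = info.filename.lower().rpartition(".")
            if dot and "." + ext in RISKY_EXTENSIONS:
                reasons.append(f"{info.filename}: launchable file type .{ext}")
                # "resume.pdf.lnk" displays as "resume.pdf" when extensions are hidden
                if stem.endswith(DOCUMENT_SUFFIXES):
                    reasons.append(f"{info.filename}: document name hides real extension")
            if info.flag_bits & 0x1:  # general-purpose flag bit 0: entry is encrypted
                reasons.append(f"{info.filename}: password-protected, cannot be scanned")
    return reasons


def build_sample(names, encrypted=False) -> bytes:
    """Construct a small ZIP in memory so the demo runs offline."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(zipfile.ZipInfo(name), b"constructed sample content")
    raw = bytearray(buf.getvalue())
    pos = raw.find(b"PK\x01\x02") if encrypted else -1
    while pos != -1:  # set the encryption bit in each central-directory header
        raw[pos + 8] |= 0x1
        pos = raw.find(b"PK\x01\x02", pos + 4)
    return bytes(raw)


if __name__ == "__main__":
    for label, sample in [
        ("resume with shortcut", build_sample(["Resume_Engineer.pdf.lnk"])),
        ("locked archive", build_sample(["report.pdf"], encrypted=True)),
        ("plain document", build_sample(["cv.pdf"])),
    ]:
        print(label, "->", triage_zip(sample) or "no findings")
```

A mail gateway or helpdesk script could quarantine any attachment for which `triage_zip` returns a non-empty list and route it to an analyst instead of the recipient.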

In conclusion, these attacks are not just another wave of cybercrime; they are well-planned, state-backed espionage campaigns. With rising geopolitical tensions and new tech export restrictions, Taiwan’s chip industry is under growing pressure to stay protected. The message is clear: cyber defense is now just as important as innovation in the semiconductor race.

Stay alert, and keep your security measures updated!
