Just a sample of the Echomail archive
|  Message 1512  |
|  Mike Powell to All  |
|  Chinese hackers hit Taiwa  |
|  18 Jul 25 10:17:37  |
Chinese hackers hit Taiwan semiconductor manufacturing in spear phishing campaign

Date: Thu, 17 Jul 2025 19:33:00 +0000

Description: At least three groups were targeting different organizations in the same industry.

FULL STORY

Multiple Chinese state-sponsored threat actors have been coordinating attacks on the Taiwanese semiconductor industry, hitting manufacturing, supply chain, and financial investment analysis firms across the country.

This is according to cybersecurity researchers Proofpoint, who claim to have observed at least three different groups participating in the campaign.

The groups are tracked as UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp. Sometimes, different security vendors label the same groups differently, but these seem to be new entrants in the cybercriminal world.

A fourth player

Their tactics, techniques, and procedures (TTP) are somewhat different from what was observed in the past, leading the researchers to believe that these are new groups.

The attacks occurred between March and June this year, and targeted organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market," Proofpoint said.

The groups use different tools and tactics. Most of the time, initial contact is achieved via phishing emails, but the malware, and the way it is delivered, varies from group to group. Among the tools used in this campaign are Cobalt Strike, Voldemort (a C-based custom backdoor), and HealthKick (a backdoor that can run commands), among others.

Proofpoint also mentioned a fourth group, called UNK_ColtCentury (AKA TAG-100 and Storm-2077), which tried to build rapport with their victims before trying to infect them with malware. This group was looking to deploy a Remote Access Trojan (RAT) called Spark.

"This activity likely reflects China's strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains and technologies, particularly in light of U.S. and Taiwanese export controls," the researchers explained.

"These emerging threat actors continue to exhibit long-standing targeting patterns consistent with Chinese state interests, as well as TTPs and custom capabilities historically associated with China-aligned cyber espionage operations."

China has been vocal about reclaiming Taiwan for years now and has, on numerous occasions, conducted military exercises in close proximity to the island nation.

Via The Hacker News

======================================================================
Link to news story:
https://www.techradar.com/pro/security/chinese-hackers-hit-taiwan-semiconductor-manufacturing-in-spear-phishing-campaign

--- SBBSecho 3.28-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)