China-linked hackers lay siege on Taiwan's chip industry

Chinese-linked hackers have stepped up a series of cyber‑attacks against Taiwan’s semiconductor sector and related investment analysts, according to a new report by cybersecurity firm Proofpoint. 

The attacks, which took place mostly between March and June this year and may still be underway, reflect Beijing‑aligned groups’ growing focus on high‑value targets in Taiwan’s chip industry and those who track it.

Proofpoint researchers say they detected at least three separate hacking clusters operating during that period. 

Mark Kelly, a threat researcher specializing in China‑related threats at Proofpoint, noted the change in scope. “We’ve seen entities that we hadn’t ever seen being targeted in the past being targeted,” he said.

Taiwan is in the middle of US-China tensions

The campaigns come as the United States has tightened controls on exports of American‑designed chips to China, many of which are made in Taiwanese factories. 

China’s domestic chipmakers have been racing to replace their dwindling stock of advanced US components, especially for use in AI.

Proofpoint would not name the specific victims, and told Reuters that roughly 15-20 organizations faced attack. Targets ranged from small specialist firms and analysts working for one US-based global bank at least, to some of the world’s largest technology companies.

Prominent Taiwanese semiconductor companies include Taiwan Semiconductor Manufacturing Co (TSMC), MediaTek, United Microelectronics Corp (UMC), Nanya Technology and RealTek Semiconductor. 

Reuters couldn’t verify which groups were hit or whether any breaches succeeded. A Chinese embassy spokesperson in Washington said that cyber attacks “are a common threat faced by all countries, China included,” in an email and that Beijing “firmly opposes and combats all forms of cyber attacks and cyber crime.”

Proofpoint’s analysis shows that the attackers used various approaches

In some cases, they sent only one to two carefully crafted emails aimed at specific individuals. In others, they blasted out up to 80 messages to try to trick anyone in a target firm into revealing information.

One of the hacking groups focused on companies involved in chip manufacturing, design, and their supply chains. They hijacked email accounts at Taiwanese universities, pretending to be prospective job applicants. Those fake applicants would send PDF files containing links to malicious software or encrypted archives that held malware.

A second cluster zeroed in on analysts at one major investment firm that covers Taiwan’s semiconductor sector. The hackers created a bogus investment advisory company, then reached out to analysts under the pretense of discussing possible partnerships. 

Proofpoint says two among the fake “firms” were from Asia, and the other in the United States. The FBI did not reply to requests for comment.

Taiwanese cybersecurity company TeamT5 has also noticed a rise in phishing emails aimed at the chip industry, though it describes the uptick as limited rather than widespread. 

A representative told Reuters that attacks on semiconductors and their supply chains “is a persistent threat that has existed for long,” and remains a “constant interest” for advanced China‑linked hacking outfits.

Those groups often go after peripheral suppliers or related service providers. In June, TeamT5 tracked a phishing operation by a China‑linked team known as “Amoeba.” 

That campaign targeted an unnamed chemical company whose products are vital to semiconductor manufacturing.

Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More