- Chinese-linked hackers step up attacks on Taiwan’s chip sector with fake emails and malware.
- Three groups active from March to June, with some still active.
Chinese-linked hacking groups have stepped up efforts to spy on Taiwan’s semiconductor industry and the analysts who follow it. According to cybersecurity firm Proofpoint, at least three China-aligned groups ran separate campaigns from March to June this year, with some activity still ongoing.
The goal isn’t new – stealing information about chipmakers has been happening for years. But this time, researchers say the scale and intensity have grown, and some targets have been hit for the first time.
“We’ve seen entities that we hadn’t ever seen being targeted in the past being targeted,” said Mark Kelly, a threat researcher at Proofpoint who focuses on China-related activity.
The increase in incidents comes as Washington tightens restrictions on exporting US-designed chips to China. Most chips are made in Taiwan, the country home to some of the industry’s biggest players. China has been working to replace those imports as access becomes more limited, especially for chips used in AI.
Proofpoint didn’t name specific companies, but said about 15 to 20 organisations were affected. That includes smaller businesses, large global firms, and analysts working for at least one international bank based in the US.
Taiwan’s top chipmakers include TSMC, MediaTek, UMC, Nanya, and RealTek. TSMC and the others declined to comment.
Reuters couldn’t confirm which firms were targeted or whether any of the attempts worked.
In an emailed response, a spokesperson for China’s embassy in Washington said cyberattacks are a global issue and that China opposes all forms of cybercrime.
The tactics used varied. In some cases, attackers sent just one or two emails to specific individuals. In others, they blasted up to 80 emails to gather information in an entire company, Kelly said.
One group focused on chip design, manufacturing, and supply chain companies. They hijacked email accounts from Taiwanese universities, posed as job seekers, and sent malware through PDF attachments or links leading to infected files.
Another group targeted financial analysts at major investment firms. They posed as staff from a fake investment company and reached out with requests for collaboration. Two of the groups behind the campaigns are based in Asia, while the third is in the US, according to Proofpoint.
Taiwanese cybersecurity firm TeamT5 also reported a rise in email-based threats against the local chip sector. A spokesperson said the activity has gone up, but it’s not yet a broad or widespread trend.
Attempts to breach chipmakers and their supply chains are nothing new. “The targeting of semiconductors and the supply chain around them is a persistent threat,” said the TeamT5 representative. Groups tied to China, they added, have long shown interest in these industries and often target suppliers or related firms.
In one case from June, a group known as “Amoeba” launched a phishing campaign against an unnamed chemical company involved in chip production. The attack, spotted by TeamT5, followed a familiar playbook: reach out with convincing emails and slip in malware to gain access.
Cybersecurity experts say these incidents show a consistent pattern – hit not just the big companies, but the smaller players they rely on. Whether it’s raw materials, logistics, or consulting, attackers often aim for the edges of the supply chain where defences may be weaker.
While the full impact of these campaigns isn’t yet clear, the growing number of attempts points to one thing: Taiwan’s chip sector remains a high-value target.
