A recent Proofpoint Threat Research report reveals a coordinated espionage campaign by China-aligned threat actors targeting Taiwan’s semiconductor industry through spearphishing and malware deployment. The attacks aim to support China’s goal of semiconductor self-sufficiency amid export controls.
Key points
- Multiple China-aligned threat groups have escalated their espionage activities against Taiwan’s semiconductor sector.
- One group, UNK_FistBump, used spearphishing with password-protected archives to infect targets with Cobalt Strike and Voldemort malware.
- The Voldemort backdoor employs DLL sideloading and uses Google Sheets as a stealthy command-and-control channel.
- Another group, UNK_DropPitch, targeted investment analysts with a backdoor called HealthKick via malicious ZIP files.
- Additional actors such as UNK_SparkyCarp and UNK_ColtCentury employed phishing, adversary-in-the-middle kits, and benign conversations to facilitate malware deployment.