Cyber Espionage Surge Hits Taiwan's Semiconductor Sector, Analysts Warn
Chinese-linked hacking groups have escalated targeted cyber espionage efforts against Taiwan's semiconductor companies and financial analysts, according to cybersecurity firm Proofpoint. The attacks, mostly between March and June, were conducted by at least three China-aligned groups and are believed to still be active. X
Proofpoint said previously untouched organizations are now being targeted, signaling a broadening strategy by these advanced hacking operators. While they did not disclose specific names, the victims ranged from small firms to multinational companies and investment analysts—including some at a U.S.-based global bank.
The campaigns coincide with growing U.S. restrictions on chip exports to China, pushing Beijing to seek alternative access to semiconductor technology, especially for artificial intelligence applications. Taiwan, home to leading firms like TSMC, MediaTek, UMC, Nanya, and RealTek, remains a global chipmaking powerhouse. TSMC declined to comment; the others did not respond to Reuters' inquiries.
One hacking group used spoofed university email accounts to pose as job seekers, sending infected files to companies in the semiconductor supply chain. Another posed as a fake investment firm to lure analysts with malware-laced documents. Attack volumes ranged from a handful of emails to as many as 80 per campaign.
Taiwanese cybersecurity firm TeamT5 confirmed a spike in email-based targeting but described it as selective rather than widespread. It said Chinese hackers often target peripheral suppliers, citing a June attack on a chemical firm critical to chip manufacturing.
The Chinese embassy in Washington denied involvement, stating that China opposes all forms of cyberattacks. The FBI declined to comment.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Straits Times
2 hours ago
- Straits Times
India to resume issuing tourist visas to Chinese citizens
Find out what's new on ST website and app. India's Prime Minister Narendra Modi shakes hands with China's Premier Li Qiang during the BRICS Summit in Rio de Janeiro, Brazil July 7, 2025. REUTERS/Ricardo Moraes/File Photo HONG KONG - India will resume issuing tourist visas to Chinese citizens from July 24 this year, its embassy in China said on Wednesday, the first time in five years as both countries move to repair their rocky relationship. Tensions between the two countries escalated following a 2020 military clash along their disputed Himalayan border. In response, India imposed restrictions on Chinese investments, banned hundreds of popular Chinese apps and cut passenger routes. China suspended visas to Indian citizens and other foreigners around the same time due to the COVID-19 pandemic but lifted those restrictions in 2022, when it resumed issuing visas for students and business travellers. Tourist visas for Indian nationals remained restricted until March this year, when both countries agreed to resume direct air service. Relations have gradually improved, with several high-level meetings taking place last year, including talks between Chinese President Xi Jinping and Indian Prime Minister Narendra Modi in Russia in October. India and China share a 3,800 km (2,400-mile) border that has been disputed since the 1950s. The two countries fought a brief but brutal border war in 1962 and negotiations to settle the dispute have made slow progress. In July, India's foreign minister stated that both countries must resolve border friction, pull back troops and avoid "restrictive trade measures" to normalise their relationship, he told China's Foreign Minister Wang Yi. REUTERS Top stories Swipe. Select. Stay informed. Singapore Singapore's domestic recycling rate drops to all-time low of 11% Singapore HDB launches 10,209 BTO and balance flats, as priority scheme for singles kicks in Singapore Local buyers are key to recovery of prime district condo market Singapore Youth Courts will take a new approach to cases, focused on underlying issues and supporting needs Business Singapore core inflation stays unchanged in June but uncertainties to outlook remain high Life The Projector will resume daily screenings at Golden Mile Tower. Is it exiting Cineleisure next? Singapore Ex-Tanjong Pagar United footballer charged with assault after Singapore Premier League match in Feb Asia Japan Prime Minister Ishiba to resign by August, Mainichi newspaper reports
Straits Times
3 hours ago
- Straits Times
Microsoft says Chinese state-backed hackers exploiting flaws in attacks
Microsoft said it had identified at least two China-based groups linked to the Chinese government that it said had been taking advantage of security flaws in its SharePoint software. BEIJING – Microsoft said that Chinese state-sponsored actors were exploiting vulnerabilities in one of its popular collaboration software products, SharePoint, which is used by US government agencies and many companies worldwide. Microsoft said in a notice on its security blog on July 22 that it had identified at least two China-based groups linked to the Chinese government that it said had been taking advantage of security flaws in its SharePoint software. Such attacks aim to sneak into the computer systems of users. Those groups, called Linen Typhoon and Violet Typhoon, were ones that Microsoft said it had been tracking for years, and which it said had been targeting organisations and personnel related to government, defence, human rights, higher education, media, and financial and health services in the United States, Europe and East Asia. Microsoft said another actor, which it called Storm-2603, was also involved in the hacking campaign. It said it had 'medium confidence' that Storm-2603 was a 'China-based threat actor'. The US government's Cybersecurity and Infrastructure Security Agency issued a notice that said it was aware of the hacking attack on SharePoint. It added that it had notified 'critical infrastructure organisations' that were affected. 'While the scope and impact continue to be assessed,' the agency said, the vulnerabilities would enable 'malicious actors to fully access SharePoint content, including file systems and internal configurations and execute code over the network.' A Microsoft spokesperson wrote in an emailed response that the company had been 'coordinating closely' with the Cybersecurity and Infrastructure Security Agency, the Department of Defense's Cyber Defense Command and 'key cybersecurity partners globally throughout our response'. The Chinese Embassy in Washington did not immediately respond to a request for comment. China has routinely denied being behind cyberattacks and asserts that it is a victim of them. Microsoft said in its blog post that investigations into other actors also using these exploits were still ongoing. Eye Security, a cybersecurity firm, said that it had scanned more than 23,000 SharePoint servers worldwide, and discovered more than 400 systems had been actively compromised. The cybersecurity firm also noted that the breaches could allow hackers to steal cryptographic keys that would allow them to impersonate users or services even after the server was patched. It said users would need to take further steps to protect their information. Chinese hackers have shown growing sophistication in their ability to penetrate US government systems, leaving American officials increasingly alarmed. During a breach of the US telecommunications system last year, Chinese hackers were able to listen in on telephone conversations and read text messages, members of Congress said. The hack was considered so severe that former President Joe Biden took it up directly with President Xi Jinping of China when they met in Peru in November. In this latest breach, Microsoft said hackers had been using the software weaknesses to attempt, and gain, access to 'target organisations' since as early as July 7. It issued security updates and urged users to install them immediately. Microsoft revealed the vulnerabilities in SharePoint this month, but at first patched them only partially. It said on July 19 that it was aware of active attacks trying to exploit those vulnerabilities. Cybersecurity firms had said that they believed Chinese actors were among those attackers, even before Microsoft said so on July 22. SharePoint helps organisations create websites and manage documents. It integrates with other Microsoft services such as Office, Teams and Outlook. Microsoft said the vulnerabilities affected only on-premises SharePoint servers, meaning those managed by organisations on their own computer networks, and not those operated on Microsoft's cloud. Palo Alto Networks, a cybersecurity company, said in a post about the breach that on-premises servers 'particularly within government, schools, health care (including hospitals) and large enterprise companies' were 'at immediate risk.' 'A compromise in this situation doesn't stay contained, it opens the door to the entire network,' the cybersecurity company said. NYTIMES
Straits Times
3 hours ago
- Straits Times
HK police arrest 18-year-old for writing ‘seditious words' in toilet
Find out what's new on ST website and app. Hong Kong has taken a flurry of enforcement actions under security law commonly known as Article 23. HONG KONG – Hong Kong police arrested an 18-year-old on suspicion he left what they called 'seditious' messages in a toilet, adding to a recent series of national security actions that signal the authorities' continued efforts to curb dissent. The man is accused of being 'involved in writing seditious words in a commercial building toilet on three separate occasions', the government said on July 23. The content allegedly provoked hatred and disaffection against the government and incited others to defy the law. The move is the latest in a flurry of enforcement actions against perceived threats to the Chinese state in the former British colony. Hong Kong is seeking to burnish its status as a finance hub after its image took a hit from strict pandemic controls and clampdown on political freedoms. Earlier in July, police arrested four men for allegedly advocating independence for the semi-autonomous Chinese territory. In June, the local authorities took their first known joint operation with Beijing's security officers to investigate a case of alleged foreign collusion. Police also banned a Taiwanese video game for allegedly calling for armed revolution. Top stories Swipe. Select. Stay informed. Singapore S'pore's domestic recycling rate drops to all time low of 11% Singapore HDB launches 10,209 BTO and balance flats, as priority scheme for singles kicks in Singapore Youth Courts will take a new approach to cases, focused on underlying issues and supporting needs Life The Projector will resume daily screenings at Golden Mile Tower. Is its Cineleisure exit next? Singapore Ex-Tanjong Pagar United footballer charged with assault after Jurong East Stadium match Business Singapore's digital banks finding their niche in areas like SMEs as they narrow losses in 2024 Asia Japan Prime Minister Ishiba to resign by August, Mainichi newspaper reports Life New Pokemon theme park to open in Japan in early 2026 In its statement on July 23, the National Security Department of the police charged the man for carrying out 'with a seditious intention an act or acts that had a seditious intention', a crime that is punishable by up to seven years of imprisonment on first conviction. The offence is defined in the Safeguarding National Security Ordinance, commonly known as Article 23, which was fast-tracked into domestic law in 2024. It has been invoked in addition to the Beijing-imposed National Security Law of 2020, which the authorities used to detain and imprison dozens of leading democracy activists. BLOOMBERG
