Chinese Hackers Aim To Plunder Taiwan's Semiconductor Industry

Controlling advanced chip manufacturing in the 21st century may well prove to be like controlling the oil supply in the 20th. The country that controls this manufacturing can throttle the military and economic power of others.

Right now, Taiwan finds itself in an existential conflict with China and has been targeted by China's state-sponsored hackers for years. An investigation by leading Taiwanese security firm CyCraft has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry.

The hackers have compromised at least seven Taiwanese chip firms over the past two years. The hackers went after these seven vendors in the semi-conductor industry in 2018 and 2019, quietly scouring networks for source code and chip-related software. CyCraft analysts say the campaign, which reportedly hit a sprawling campus of computing firms in northwest Taiwan, shows how the tech sector’s most prized data is sought out by well-resourced hacking groups. “They’re choosing the victims very precisely,...They attack the top vendor in a market segment, and then attack their subsidiaries, their competitors, their partners and their supply chain vendors.” say CyCraft.

It was unclear which companies were targeted and CyCraft has declined to name them. It is unclear who was responsible for the hacking. CyCraft said there were signs the group of attackers was based in China, including their familiarity with simplified Chinese characters and the breaks they took during Chinese national holidays. 

The hackers broke into some of the corporate networks by exploiting virtual private networking software, CyCraft said. The attackers then altered a software authentication program and planted malicious code that allowed them to access other machines on the network. “Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets,” CyCraft wrote in a report. Independent analysts who track China-related hacking activity said they had not observed and verified the particular attacks described by CyCraft. 

The Taiwanese firm said it had conducted incident response on site, and that it plans to release more technical data. But the hacking would not be the first time that the semiconductor industry has been targeted.

The hackers also appeared to operate largely within Beijing's time zone, to follow a "996" work schedule, the 9am to 9pm, six-days-a-week regimen common in the Chinese tech industry, and to take off Mainland Chinese holidays. CyCraft says they've learned from their cooperation with Taiwanese and foreign intelligence agencies that a hacker group using similar techniques also targeted Taiwanese government agencies.

CyCraft said it was unable to tell what the group was doing with all the technological information it had stolen from Taiwan, though its aim could just be to pass on the data to Chinese competitors. 

One of their intentions could be to seek vulnerabilities in new products, making them compromised even before they are made available to the public, researchers said. The more likely motivation of the hacking campaign is simply to give China's own semiconductor makers a leg up over their rivals. 

China has strongly denied accusations of engaging in cyber warfare or hacking, and has said it is itself one of the world’s biggest victims of such incidents.

CyCraft:      Taiwan News:       CyberScoop:       Wired:        Reuters:         News360:

You Might Also Read: 

China's Surveillance State Extends Beyond Its Borders:

 

« Teacher Estimates Replace Algorithm That Reduced Exam Grades
Seven Cyber Security Questions Businesses Need To Ask Themselves »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Titania

Titania

Titania provide network security and compliance software. Find your Network Security gaps before hackers do with our security & compliance tools.

Greenbone Networks

Greenbone Networks

Greenbone Networks delivers a vulnerability analysis solution for enterprise IT which includes reporting and security change management.

The Security Awareness Company (SAC)

The Security Awareness Company (SAC)

The Security Awareness Company provides cyber security awareness training programs for companies of all sizes.

Cyber Defense Labs

Cyber Defense Labs

Cyber Defense Labs helps companies identify, mitigate and reduce risk as a trusted, reliable partner for cyber risk management.

TI Safe

TI Safe

TI Safe provide cybersecurity solutions for industrial networks of main critical infrastructures in Latin America.

Information and Communication Technology Authority (ICT Authority) - Kenya

Information and Communication Technology Authority (ICT Authority) - Kenya

The ICT Authority is responsible for enforcing ICT standards in Government and ensuring information security.

Simply Hired

Simply Hired

Simply Hired is a job search engine that collects job listings from all over the web, including company career pages, job boards and niche job websites.

LibraSoft

LibraSoft

Librasoft creates solutions to protect information from external and internal threats.

Control System Cyber Security Association International (CS2AI)

Control System Cyber Security Association International (CS2AI)

CS2AI is the premier global not for profit workforce development organization supporting professionals of all levels charged with securing control systems.

TestArmy

TestArmy

TestArmy CyberForces provide you with a broad spectrum of cybersecurity services to test every aspect of your IT infrastructure security and software development process.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Armexa

Armexa

Armexa is a leading provider of advanced industrial cybersecurity solutions that protect your critical OT and ICS infrastructure against ever-changing threats.

Evanssion

Evanssion

Evanssion is a value added distributor specialized in Cloud Native & Cyber Security across Middle East & Africa.

Northdoor

Northdoor

Northdoor provides a comprehensive set of services around information security and works with leading global technology vendors to deploy and manage cyber security solutions.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.