Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting
Essential information
- Published
- 17/07/2025 20:06
- Modified
- 17/07/2025 20:44
- Tags
- 2025-07-17 cobalt strike espionage healthkick phishing semiconductor sparkrat unk_droppitch unk_fistbump unk_sparkycarp voldemort
- Related entities
- 54 observables, 5 others
Description
Between March and June 2025, three Chinese state-sponsored threat actors conducted targeted phishing campaigns against the Taiwanese semiconductor industry. The campaigns targeted organizations involved in semiconductor manufacturing, design, testing, supply chain, and financial analysis. This activity likely reflects China's strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains. The threat actors used various tactics including job application lures, investment collaboration pitches, and credential phishing. They deployed custom malware like Voldemort backdoor and HealthKick, as well as tools like Cobalt Strike. The targeting extended beyond semiconductor companies to include financial analysts specializing in the Taiwanese semiconductor market, indicating comprehensive intelligence collection efforts across the sector.