Chinese Hackers Aim To Plunder Taiwan's Semiconductor Industry

Uploaded on 2020-08-18 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Controlling advanced chip manufacturing in the 21st century may well prove to be like controlling the oil supply in the 20th. The country that controls this manufacturing can throttle the military and economic power of others.

Right now, Taiwan finds itself in an existential conflict with China and has been targeted by China's state-sponsored hackers for years. An investigation by leading Taiwanese security firm CyCraft has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry.

The hackers have compromised at least seven Taiwanese chip firms over the past two years. The hackers went after these seven vendors in the semi-conductor industry in 2018 and 2019, quietly scouring networks for source code and chip-related software. CyCraft analysts say the campaign, which reportedly hit a sprawling campus of computing firms in northwest Taiwan, shows how the tech sector’s most prized data is sought out by well-resourced hacking groups. “They’re choosing the victims very precisely,...They attack the top vendor in a market segment, and then attack their subsidiaries, their competitors, their partners and their supply chain vendors.” say CyCraft.

It was unclear which companies were targeted and CyCraft has declined to name them. It is unclear who was responsible for the hacking. CyCraft said there were signs the group of attackers was based in China, including their familiarity with simplified Chinese characters and the breaks they took during Chinese national holidays. 

The hackers broke into some of the corporate networks by exploiting virtual private networking software, CyCraft said. The attackers then altered a software authentication program and planted malicious code that allowed them to access other machines on the network. “Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets,” CyCraft wrote in a report. Independent analysts who track China-related hacking activity said they had not observed and verified the particular attacks described by CyCraft. 

The Taiwanese firm said it had conducted incident response on site, and that it plans to release more technical data. But the hacking would not be the first time that the semiconductor industry has been targeted.

The hackers also appeared to operate largely within Beijing's time zone, to follow a "996" work schedule, the 9am to 9pm, six-days-a-week regimen common in the Chinese tech industry, and to take off Mainland Chinese holidays. CyCraft says they've learned from their cooperation with Taiwanese and foreign intelligence agencies that a hacker group using similar techniques also targeted Taiwanese government agencies.

CyCraft said it was unable to tell what the group was doing with all the technological information it had stolen from Taiwan, though its aim could just be to pass on the data to Chinese competitors. 

One of their intentions could be to seek vulnerabilities in new products, making them compromised even before they are made available to the public, researchers said. The more likely motivation of the hacking campaign is simply to give China's own semiconductor makers a leg up over their rivals. 

China has strongly denied accusations of engaging in cyber warfare or hacking, and has said it is itself one of the world’s biggest victims of such incidents.

CyCraft:      Taiwan News:       CyberScoop:       Wired:        Reuters:         News360:

You Might Also Read: 

China's Surveillance State Extends Beyond Its Borders:

 

« Teacher Estimates Replace Algorithm That Reduced Exam Grades
Seven Cyber Security Questions Businesses Need To Ask Themselves »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Capita

Capita

Capita is a consulting, digital services and software business, providing end-to-end enterprise IT services and solutions focused around digital transformation and innovation.

Cryptosense

Cryptosense

Cryptosense provides the first application security software dedicated to the detection and remediation of crypto vulnerabilities.

Database Cyber Security Guard

Database Cyber Security Guard

Database Cyber Security Guard (aka Don't Be Breached) informs Security Professionals and DBAs of Zero Day, Ransomware and Data Breach attacks within milli-seconds

ODSC

ODSC

ODSC is a security systems integrator that provides services and expertise in identity management and access.

Red Piranha

Red Piranha

Red Piranha's Crystal Eye Unified Threat Management Platform is designed for Managed Service Providers and corporations that need extreme security that is both easy to use and affordable.

Adlumin

Adlumin

Adlumin Inc. provides the enterprise-grade security operations platform and managed detection and response services that keep mid-market organizations secure.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

Microchip Technology

Microchip Technology

Microchip Technology Inc. is a leading provider of smart, connected and secure embedded control solutions.

National Institute for Research & Development in Informatics (ICI Bucharest)

National Institute for Research & Development in Informatics (ICI Bucharest)

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

Spyderbat

Spyderbat

Spyderbat ATI closes the manual investigation gap between detection and response by instantly presenting causally connected threat activity to security analysts at the onset of an investigation.

Harvey Nash

Harvey Nash

Harvey Nash is a leading global provider of talent and technology solutions.

MailChannels

MailChannels

MailChannels protects companies against malicious email threats. Used by 750+ hosting providers around the world.

CI-ISAC Australia

CI-ISAC Australia

CI-ISAC has been designed to support and promote existing legislation and Government initiatives that are working to uplift cyber resilience across critical infrastructure sectors.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

AdviserCyber

AdviserCyber

AdviserCyber provide Cybersecurity and Compliance Solutions for Registered Investment Advisers.

Health Sector Cybersecurity Coordination Center (HC3)

Health Sector Cybersecurity Coordination Center (HC3)

HC3 was created by the US Department of Health and Human Services to aid in the protection of vital, controlled, healthcare-related information.