Chinese Hackers Aim To Plunder Taiwan's Semiconductor Industry
Controlling advanced chip manufacturing in the 21st century may well prove to be like controlling the oil supply in the 20th. The country that controls this manufacturing can throttle the military and economic power of others.
Right now, Taiwan finds itself in an existential conflict with China and has been targeted by China's state-sponsored hackers for years. An investigation by leading Taiwanese security firm CyCraft has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry.
The hackers have compromised at least seven Taiwanese chip firms over the past two years. The hackers went after these seven vendors in the semi-conductor industry in 2018 and 2019, quietly scouring networks for source code and chip-related software. CyCraft analysts say the campaign, which reportedly hit a sprawling campus of computing firms in northwest Taiwan, shows how the tech sector’s most prized data is sought out by well-resourced hacking groups. “They’re choosing the victims very precisely,...They attack the top vendor in a market segment, and then attack their subsidiaries, their competitors, their partners and their supply chain vendors.” say CyCraft.
It was unclear which companies were targeted and CyCraft has declined to name them. It is unclear who was responsible for the hacking. CyCraft said there were signs the group of attackers was based in China, including their familiarity with simplified Chinese characters and the breaks they took during Chinese national holidays.
The hackers broke into some of the corporate networks by exploiting virtual private networking software, CyCraft said. The attackers then altered a software authentication program and planted malicious code that allowed them to access other machines on the network. “Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets,” CyCraft wrote in a report. Independent analysts who track China-related hacking activity said they had not observed and verified the particular attacks described by CyCraft.
The Taiwanese firm said it had conducted incident response on site, and that it plans to release more technical data. But the hacking would not be the first time that the semiconductor industry has been targeted.
The hackers also appeared to operate largely within Beijing's time zone, to follow a "996" work schedule, the 9am to 9pm, six-days-a-week regimen common in the Chinese tech industry, and to take off Mainland Chinese holidays. CyCraft says they've learned from their cooperation with Taiwanese and foreign intelligence agencies that a hacker group using similar techniques also targeted Taiwanese government agencies.
CyCraft said it was unable to tell what the group was doing with all the technological information it had stolen from Taiwan, though its aim could just be to pass on the data to Chinese competitors.
One of their intentions could be to seek vulnerabilities in new products, making them compromised even before they are made available to the public, researchers said. The more likely motivation of the hacking campaign is simply to give China's own semiconductor makers a leg up over their rivals.
China has strongly denied accusations of engaging in cyber warfare or hacking, and has said it is itself one of the world’s biggest victims of such incidents.
CyCraft: Taiwan News: CyberScoop: Wired: Reuters: News360:
You Might Also Read:
China's Surveillance State Extends Beyond Its Borders: