Chinese Hackers Aim To Plunder Taiwan's Semiconductor Industry

Uploaded on 2020-08-18 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Controlling advanced chip manufacturing in the 21st century may well prove to be like controlling the oil supply in the 20th. The country that controls this manufacturing can throttle the military and economic power of others.

Right now, Taiwan finds itself in an existential conflict with China and has been targeted by China's state-sponsored hackers for years. An investigation by leading Taiwanese security firm CyCraft has revealed just how deeply a single group of Chinese hackers was able to penetrate an industry at the core of the Taiwanese economy, pillaging practically its entire semiconductor industry.

The hackers have compromised at least seven Taiwanese chip firms over the past two years. The hackers went after these seven vendors in the semi-conductor industry in 2018 and 2019, quietly scouring networks for source code and chip-related software. CyCraft analysts say the campaign, which reportedly hit a sprawling campus of computing firms in northwest Taiwan, shows how the tech sector’s most prized data is sought out by well-resourced hacking groups. “They’re choosing the victims very precisely,...They attack the top vendor in a market segment, and then attack their subsidiaries, their competitors, their partners and their supply chain vendors.” say CyCraft.

It was unclear which companies were targeted and CyCraft has declined to name them. It is unclear who was responsible for the hacking. CyCraft said there were signs the group of attackers was based in China, including their familiarity with simplified Chinese characters and the breaks they took during Chinese national holidays. 

The hackers broke into some of the corporate networks by exploiting virtual private networking software, CyCraft said. The attackers then altered a software authentication program and planted malicious code that allowed them to access other machines on the network. “Based on the stolen data, we infer that the actor’s goal was to harvest company trade secrets,” CyCraft wrote in a report. Independent analysts who track China-related hacking activity said they had not observed and verified the particular attacks described by CyCraft. 

The Taiwanese firm said it had conducted incident response on site, and that it plans to release more technical data. But the hacking would not be the first time that the semiconductor industry has been targeted.

The hackers also appeared to operate largely within Beijing's time zone, to follow a "996" work schedule, the 9am to 9pm, six-days-a-week regimen common in the Chinese tech industry, and to take off Mainland Chinese holidays. CyCraft says they've learned from their cooperation with Taiwanese and foreign intelligence agencies that a hacker group using similar techniques also targeted Taiwanese government agencies.

CyCraft said it was unable to tell what the group was doing with all the technological information it had stolen from Taiwan, though its aim could just be to pass on the data to Chinese competitors. 

One of their intentions could be to seek vulnerabilities in new products, making them compromised even before they are made available to the public, researchers said. The more likely motivation of the hacking campaign is simply to give China's own semiconductor makers a leg up over their rivals. 

China has strongly denied accusations of engaging in cyber warfare or hacking, and has said it is itself one of the world’s biggest victims of such incidents.

CyCraft:      Taiwan News:       CyberScoop:       Wired:        Reuters:         News360:

You Might Also Read: 

China's Surveillance State Extends Beyond Its Borders:

 

« Teacher Estimates Replace Algorithm That Reduced Exam Grades
Seven Cyber Security Questions Businesses Need To Ask Themselves »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ITpreneurs

ITpreneurs

ITpreneurs provides IT training content, Instructors, Learning Infrastructure and services to IT Training providers.

Finnish Information Security Cluster (FISC)

Finnish Information Security Cluster (FISC)

FISC is an organization established by major Finnish information security companies to promote their activities nationally and internationally.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

Liongard

Liongard

Liongard automates the management and protection of modern IT environments at scale for IT MSPs - Managed Service Providers and Enterprise IT Operations.

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

Prima Cyber Solutions (PCS)

Prima Cyber Solutions (PCS)

Prima Cyber Solutions is focused on protecting your business from the massive and devastating impacts that cyber-attacks may cause.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

Bitdefender

Bitdefender

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide.

Mitigo Group

Mitigo Group

Mitigo offers a well considered and effective approach to keeping businesses completely secure from any digital attacks.

Versent

Versent

Versent is an Australian-born technology company, focused on architecting, building & operating cloud native applications, data streams, platforms, and services.

SEALSQ

SEALSQ

For the last 25 years, SEALSQ have been developing secure semiconductor chips, secure embedded firmware, and tested hardware provisioning services to serve the vision of a safer connected world.

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

Zluri

Zluri

Zluri is a cloud-native SaaSOps platform enabling modern enterprises with SaaS Management and Identity Governance.

SignalRed

SignalRed

SignalRed provides the cutting edge next-generation penetration testing and secure development solutions to startups and large enterprises.