
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,512 of 2,445   
   Mike Powell to All   
   Chinese hackers hit Taiwa   
   18 Jul 25 10:17:37   
   
   TZUTC: -0500   
   MSGID: 1245.consprcy@1:2320/105 2cdfa06e   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Chinese hackers hit Taiwan semiconductor manufacturing in spear phishing   
   campaign   
      
   Date:   
   Thu, 17 Jul 2025 19:33:00 +0000   
      
   Description:   
   At least three groups were targeting different organizations in the same   
   industry.   
      
   FULL STORY   
      
   Multiple Chinese state-sponsored threat actors have been coordinating attacks   
   on the Taiwanese semiconductor industry, hitting manufacturing, supply chain,   
   and financial investment analysis firms across the country.    
      
   This is according to cybersecurity researchers Proofpoint, who claim to have   
   observed at least three different groups participating in the campaign.    
      
   The groups are tracked as UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp.   
   Sometimes, different security vendors label the same groups differently, but   
   these seem to be new entrants in the cybercriminal world.   
      
   A fourth player    
      
   Their tactics, techniques, and procedures (TTP) are somewhat different from   
   what was observed in the past, leading the researchers to believe that these   
   are new groups.    
      
   The attacks occurred between March and June this year, and "targeted   
   organizations involved in the manufacturing, design, and testing of   
   semiconductors and integrated circuits, wider equipment and services supply   
   chain entities within this sector, as well as financial investment analysts   
   specializing in the Taiwanese semiconductor market," Proofpoint said.    
      
   The groups use different tools and tactics. Most of the time, initial contact   
   is achieved via phishing emails, but the malware, and the way it is   
   delivered, varies from group to group. Among the tools used in this campaign   
   are Cobalt Strike, Voldemort (a C-based custom backdoor), and HealthKick (a   
   backdoor that can run commands), among others.    
      
   Proofpoint also mentioned a fourth group, called UNK_ColtCentury (AKA TAG-100   
   and Storm-2077), which tried to build rapport with their victims before    
   trying to infect them with malware. This group was looking to deploy a Remote   
   Access Trojan (RAT) called Spark.    
      
   "This activity likely reflects China's strategic priority to achieve   
   semiconductor self-sufficiency and decrease reliance on international supply   
   chains and technologies, particularly in light of U.S. and Taiwanese export   
   controls," the researchers explained.    
      
   "These emerging threat actors continue to exhibit long-standing targeting   
   patterns consistent with Chinese state interests, as well as TTPs and custom   
   capabilities historically associated with China-aligned cyber espionage   
   operations."    
      
   China has been vocal about reclaiming Taiwan for years now and has, on   
   numerous occasions, conducted military exercises in close proximity to the   
   island nation.    
      
    Via The Hacker News   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/chinese-hackers-hit-taiwan-semiconductor-manufacturing-in-spear-phishing-campaign   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca