- Proofpoint saw UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp engaging in spear-phishing
- The groups were trying to deploy different backdoors and malware
- The campaign is part of a wider effort to “achieve semiconductor self-sufficiency” experts claim
Multiple Chinese state-sponsored threat actors have been coordinating attacks on the Taiwanese semiconductor industry, hitting manufacturing, supply chain, and financial investment analysis firms across the country.
This is according to cybersecurity researchers Proofpoint, who claim to have observed at least three different groups participating in the campaign.
The groups are tracked as UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp. Sometimes, different security vendors label the same groups differently, but these seem to be new entrants in the cybercriminal world.
You may like
A fourth player
Their tactics, techniques, and procedures (TTP) are somewhat different from what was observed in the past, leading the researchers to believe that these are new groups.
The attacks occurred between March and June this year, and targeted “organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market,” Proofpoint said.
The groups use different tools and tactics. Most of the time, initial contact is achieved via phishing emails, but the malware, and the way it is delivered varies from group to group. Among the tools used in this campaign are Cobalt Strike, Voldemort (a C-based custom backdoor), and HealthKick (a backdoor that can run commands), among others.
Proofpoint also mentioned a fourth group, called UNK_ColtCentury (AKA TAG-100 and Storm-2077), which tried to build rapport with their victims before trying to infect them with malware. This group was looking to deploy a Remote Access Trojan (RAT) called Spark.
“This activity likely reflects China’s strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains and technologies, particularly in light of U.S. and Taiwanese export controls,” the researchers explained.
“These emerging threat actors continue to exhibit long-standing targeting patterns consistent with Chinese state interests, as well as TTPs and custom capabilities historically associated with China-aligned cyber espionage operations.”
China has been vocal about “reclaiming” Taiwan for years now and has, on numerous occasions, conducted military exercises in close proximity to the island nation.
Via The Hacker News
