In a series of targeted spear-phishing campaigns, three Chinese state-sponsored threat actors have set their sights on Taiwan’s crucial semiconductor industry, as detailed in a report by Proofpoint. The attacks, which took place from March to June 2025, targeted organizations involved in semiconductor manufacturing, design, testing, and investment analysis, as the region continues to be a focal point in the global tech landscape. Proofpoint’s analysis attributed these campaigns to clusters labeled UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp.
The report highlights the sophisticated nature of these attacks, particularly those attributed to UNK_FistBump. This group has executed employment-themed phishing attacks directed at companies across the semiconductor supply chain, deploying malicious payloads like Cobalt Strike and a custom backdoor known as Voldemort. These attacks often involved impersonating a graduate student and sending emails to human resources personnel, with attached files disguised as resumes that could trigger a multi-stage malware deployment process.
Another cluster, UNK_DropPitch, has reportedly focused its efforts on analysts within major investment firms focused on the Taiwanese semiconductor market. In phishing emails sent in April and May 2025, victims were led to a seemingly benign PDF document that downloaded a ZIP file containing a malicious DLL payload. This DLL, codenamed HealthKick, could exfiltrate data to a command and control server, reflecting a concerning level of sophistication and an aim of gathering intelligence on Taiwan’s semiconductor ecosystem.
The third group, UNK_SparkyCarp, engaged in credential phishing attacks against an unnamed Taiwanese semiconductor firm using tailored tactics typical of Chinese cyber espionage. The apparent reuse of infrastructure and tactics often associated with Chinese state actors underscores recommendations made by experts that cybersecurity measures need reinforcement, especially within sensitive sectors like semiconductors. Proofpoint posits that such operations align with China’s strategic priority to achieve self-sufficiency in semiconductor technology amid increasing geopolitical tensions and export regulations from the U.S. and other nations.