The technological struggle between China and Taiwan has reached a new dimension in cyberspace. Researchers from the ProofPoint cybersecurity company have detected a sophisticated and persistent offensive directed against the industrial core of semiconductors in Taiwan. Far from being isolated actions, the campaign is attributed to multiple cyberspage groups backed by the Chinese government, whose activities, according to experts, are intensifying at a worrying rate.
Between March and June of this year, at least three groups, provisionally identified as UNK_Fistbump, UNK_Droppitch and UNK_SPARKYCARP, would have executed phishing campaigns directed with surgical precision against a wide variety of objectives in the semiconductor value chain. Victims include from chips manufacturers and designers to test centers, logistics suppliers and even financial analysts with specialized knowledge of the sector.
The tactics used show a high level of sophistication. The attackers resorted to lures as false job offers or collaboration proposals to gain the trust of their victims. From there, advanced techniques such as the Adversary-in-The-Middlewhich allows intercepting communications and stealing credentials, as well as the installation of Backdoors customized like Voldemort and Healthkick. All reinforced by legitimate tools that facilitated persistence within systems and remote access without being detected.
Three groups backed by the Chinese State would have launched a coordinated offensive between March and June 2025 to extract key information from the most strategic technological sector in the region
“The amplitude of the objectives suggests a very broad and strategic compilation mandate,” said Mark Kelly, threat researcher in Proofpoint. “The fundamental role of the semiconductor sector both in world supply chains and in national security has probably become a key objective for intelligence at this time.”
Economic motivation and geopolitical context
The analysis of the infrastructure used, including VPN Softether servers and suppliers of Russian VPS, has allowed to identify common patterns among the attackers, which points to systematic coordination. From ProofPoint this rebound is interpreted as a reaction to the restrictions imposed by the United States and Taiwan about the export of advanced technology, at a time when China seeks to reduce its dependence from the exterior in strategic components.
The case is part of a broader context of geopolitical tension and career for technological supremacy. The semiconductor industry, largely dominated by Taiwanese companies, represents not only an economic engine but a critical asset in areas such as defense, artificial intelligence or advanced computing. The pressure to access confidential information on processes, patents and production capabilities is leading Beijing to redouble their efforts in the cybernetic plane.
Forecasts: more campaigns in sight
ProofPoint experts do not house doubts about the continuity of this type of operations. “Given the current importance of these technologies, we foresee that these and other groups aligned with China continue their cyberspage operations in this sector,” Kelly added.
Taiwan, on the other hand, reinforces his digital armor to what is emerging as a long -distance conflict, where technological intelligence has become the new pitch.
