A new wave of cyber espionage attacks linked to Chinese hacking groups has targeted Taiwan’s semiconductor industry and financial analysts tracking it, according to a detailed investigation released on Wednesday by cybersecurity firm Proofpoint. These stealthy and persistent operations underscore the growing geopolitical tensions over semiconductor dominance, especially as the U.S. tightens restrictions on chip exports to China and Beijing scrambles to boost domestic production capacity.
Proofpoint Uncovers a Coordinated and Persistent Campaign
In its comprehensive analysis, Proofpoint revealed that at least three distinct hacking groups with suspected ties to China conducted targeted cyber attacks primarily between March and June 2025. Although some campaigns have tapered off, several attacks appear to still be underway. These operations mark an expansion in both scope and intensity, particularly targeting entities that previously remained outside the crosshairs of known hacking groups.
“We’ve seen entities that we hadn’t ever seen being targeted in the past being targeted,” said Mark Kelly, a threat researcher at Proofpoint specializing in Chinese cyber operations. This statement highlights the evolving sophistication and ambition behind these state-aligned cyber campaigns.
Targets Include a Wide Range of Semiconductor-Linked Organizations
The cyber attacks struck a diverse array of organizations—ranging from small Taiwanese businesses and key players in the global semiconductor supply chain to analysts working for at least one major U.S.-headquartered international bank. According to Proofpoint, between 15 and 20 organizations faced these intrusions. While the report did not name the victims explicitly, Taiwan’s semiconductor ecosystem includes industry giants like:
- Taiwan Semiconductor Manufacturing Co. (TSMC)
- MediaTek Inc.
- United Microelectronics Corp. (UMC)
- Nanya Technology Corp.
- RealTek Semiconductor Corp.
TSMC declined to comment on the findings, while the other companies did not respond to requests from journalists for clarification.
Chinese Hackers Employed Deceptive Tactics to Breach Defenses
The hacking groups employed advanced phishing and impersonation strategies to breach their targets’ networks. One of the groups focused on semiconductor design, manufacturing, and supply chain firms by compromising email accounts belonging to Taiwanese universities. These compromised accounts were used to impersonate job seekers, delivering malware-laced PDFs or password-protected archives containing malicious links.
In another campaign, hackers disguised themselves as representatives of a fictitious investment firm. They contacted financial analysts at prominent, unnamed investment companies who specialize in the Taiwanese chip industry. Their aim was to build trust and then inject malware or extract sensitive intelligence through these deceptive email exchanges.
The email volume varied across campaigns, from highly focused efforts involving one or two messages aimed at specific individuals to broad-based attacks in which up to 80 emails were sent in an attempt to penetrate entire corporate departments.
China’s Cyber Tactics Align With Strategic Technology Objectives
These attacks emerge in the context of escalating U.S.-China tensions over technological supremacy, particularly in the semiconductor sector. Washington has implemented a series of export controls to limit China’s access to U.S.-designed chips, many of which are produced by Taiwanese firms. In response, China has stepped up its efforts to replace critical chip technologies, especially those used in artificial intelligence and high-performance computing.
Proofpoint’s findings suggest that these hacking operations are part of a broader state-aligned intelligence-gathering mission. These cyber activities aim to accelerate China’s domestic chip production by harvesting proprietary information from industry leaders and analysts worldwide.
Other Cybersecurity Experts Confirm Growing Threat Activity
Cybersecurity experts outside of Proofpoint have also observed similar trends. A representative from Taiwan-based cybersecurity firm TeamT5 confirmed an increase in malicious emails targeting the semiconductor sector, though they described it as limited in scale rather than a full-blown surge.
“This is not yet a wide or general phenomenon,” the representative stated, but emphasized that semiconductor firms and their supply chains remain a “persistent” and “constant” area of interest for China-backed advanced persistent threat (APT) groups.
Hacking Groups Expand to Peripheral Supply Chain Targets
Beyond direct attacks on chipmakers, hackers have increasingly turned their attention to peripheral industries critical to chip production. For instance, in June, TeamT5 identified a phishing campaign executed by a Chinese-linked hacking group known as “Amoeba.” The group targeted a chemical company believed to play a vital role in the chip manufacturing supply chain, demonstrating how these threat actors aim to gather intelligence from every corner of the ecosystem.
By exploiting smaller or less-defended companies, hackers gain indirect access to larger operations, allowing them to stitch together a full picture of chip production pipelines, proprietary processes, and technology development trends.
Chinese Embassy Responds, Denies Involvement
Responding to questions from Reuters, a spokesperson for the Chinese embassy in Washington stated, “Cyber attacks are a common threat faced by all countries, China included.” The spokesperson further asserted, “China firmly opposes and combats all forms of cyber attacks and cyber crime — a position that is consistent and clear.”
The FBI declined to comment on the latest wave of cyber activity, as is customary for ongoing investigations.
Geopolitical Implications: Cybersecurity Now Front and Center in the Chip War
This latest round of cyber espionage illustrates the increasingly strategic role cybersecurity plays in the broader geopolitical chip war between China and the U.S. As Taiwan continues to serve as a global hub for semiconductor manufacturing, it has become a magnet for cyberattacks launched by foreign intelligence services seeking a technological edge.
Moreover, the information stolen during such campaigns—ranging from proprietary designs to financial forecasts and investment plans—can prove invaluable to China’s chip ambitions. By targeting financial analysts, attackers may also gain insight into Western perceptions, competitive strategy, and global investment movements within the semiconductor sector.
Conclusion: A Heightened Need for Vigilance in the Semiconductor Arena
As cyber espionage campaigns grow more advanced, businesses in and around the semiconductor industry—especially in Taiwan—must heighten their cybersecurity defenses. These latest revelations make it clear that no entity, whether a multinational firm or a local supplier, is too small or peripheral to escape attention.
With tensions rising and chip technology becoming the cornerstone of both economic and military power, the battlefield is no longer limited to trade restrictions and diplomatic posturing. Increasingly, the fight is also taking place in cyberspace—where intellectual property, national competitiveness, and global security are all at stake.