Published: 11:11 PM, 30 July 2025
Chinese espionage activites on Taiwanese Chip Companies
Image credit: Shutterstock
Recent cybersecurity analysesreveal that Chinese state-affiliated hacking groups have launched a wave of espionage campaigns against Taiwan’s semiconductor sector. Between March and June 2025, researchers at Proofpoint documented three distinct China-aligned threat clusters (codenamed UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp) carrying out targeted phishing operations against Taiwanese chip companies. The victims ranged broadly from chip design, manufacturing and testing firms to equipment suppliers, and even financial analysts who specialize in the Taiwanese semiconductor market. In each case, the motive appears to have been data theft and intelligence gathering (espionage). These campaigns come on the heels of intense US export control on advanced chips and related technology, reflecting China’s strategic push for semiconductor self-sufficiency.
There were three simultaneous campaigns from March to June 2025, and Proofpoint observed three China-linked groups targeting Taiwan’s chip ecosystem. While there was a wide range of targets, the phishing attacks hit chip manufacturers, designers, testing labs, supply-chain companies, and even investment analysts covering Taiwan’s semiconductor ecosystem. It was ascertained that all campaigns aimed to steal technical and market intelligence. This escalation is part of a larger strategic effort from China, not merely to steal intellectual property but to degrade Taiwan’s technological leadership and economic stability, both of which are vital to the US-aligned supply chains and regional deterrence.
It is a fact that Taiwan’s semiconductor industry is one of the most geopolitically significant sectors and a critical pillar of global technology supply chains. Proofpoint’s research echoes this as they found that Chinese APT actors have long targeted semiconductors, but “we are currently observing an elevated level of targeting of the industry by China-aligned groups compared to historical activity”. Cybersecurity news outlets reported that Beijing is increasingly using cyberattacks as a weapon to undermine Taiwan’s chips and, by extension, Taiwan’s national defence. In the context of the ongoing Western measures (like new US sanctions) aimed at slowing China’s chip-making capabilities, these attempts highlight the declining advancement in the Chinese chip industry.
In May and June 2025, a group Proofpoint calls UNK_FistBump launched multiple spear‑phishing campaigns against Taiwanese chipmakers. The attackers posed as Taiwanese graduate students seeking jobs, sending fake recruitment emails to HR and engineering staff. A second cluster, UNK_DropPitch, targeted the financial side of Taiwan’s chip industry. Between April and May 2025, this group posed as a fictitious investment firm and emailed analysts at major banks. The phishing emails promised a potential collaboration on chip-related investment, but contained malicious PDFs. Notably, the targets were not chip fabs themselves but investment analystsspecialising in semiconductors. This suggests the attackers were harvesting market intelligence, for example, insight into upcoming chip products or industry developments, rather than attempting immediate financial fraud.
A third actor, UNK_SparkyCarp, ran a credential‑stealing phishing campaign in early 2025. It focused on a single Taiwanese semiconductor firm, sending messages that mimicked legitimate security notices. Proofpoint also noted that multiple Chinese-affiliated groups were probing Taiwan’s semiconductor ecosystem at the same time. So far, about 15–20 organizations in Taiwan have been targeted across these campaigns. They range from large corporations to mid-size companies and consulting analysts. Major Taiwanese chip makers include industry leaders like Taiwan Semiconductor Manufacturing Co. (TSMC), MediaTek, United Microelectronics Corp. (UMC), Nanya Technology, and RealTek Semiconductor.
These are troubling patterns indicating an expansion in Chinese espionage, threatening global semiconductor supply chains. While cyberattacks to steal semiconductor secrets are not new, the sustained increase and coordination in early 2025 stands out. Reportedly, these operations came amid rising US restrictions on US-designed chips going to China. By stealing design and process information from Taiwan, Chinese authorities may hope to overcome shortages in their domestic chip industry caused by US export controls. However, Chinese officials publicly downplay such allegations. In response to questions, a spokesperson at China’s embassy in Washington stated that cyberattacks “are a common threat faced by all countries”, and that China “firmly opposes and combats all forms of cyberattacks and cyber crime,” a position it has reiterated in the past. This boilerplate denial did not address the specific targeting of Taiwan’s semiconductor ecosystem.
For China, Taiwan is both a geopolitical adversary and a technological goldmine. Gaining access to its semiconductor know-how, degrading its global reliability or destabilizing the global supply chain serves Beijing’s strategic goals on two fronts, it narrows the tech gap with the US and undermines Taiwan’s international standing as a secure investment and technology partner, while also sabotaging its socio-economic fabric. These cyber intrusions also dovetail with China's grey-zone tactics, which include disinformation campaigns, economic coercion, and military intimidation in the Taiwan Strait. By targeting analysts at investment firms, China may also be seeking to disrupt the financial standing of Taiwan’s semiconductor sector. These hybrid operations reveal the extent to which China views technology, information, and influence as interconnected tools of statecraft. The pattern of targeting not only fabs but also design teams, equipment makers, and financial analysts shows a broad intelligence effort across the chip ecosystem, going after less obvious areas. In short, the campaign underscores Taiwan’s chips as a strategic asset, by weakening Taiwan’s lead or stealing its technology, China could bolster its semiconductor sector and erode Taiwan’s economic security.
In conclusion, the wave of cyberattacks targeting Taiwan’s semiconductor ecosystem is more than espionage; it is an act of geopolitical pressure. It reflects China’s urgent need to compensate for its isolation from key technologies and to weaken a crucial node in the US-aligned global tech order. These attacks are also a stark reminder that US export controls, particularly under the Trump and Biden administrations, are having a tangible impact. As China’s path to semiconductor self-sufficiency faces growing obstacles, cyber tools will likely remain central to Beijing’s toolkit, not just to steal but to sabotage, influence, and destabilise. For Taiwan and its partners, this represents not only an economic risk but a national security threat that must be countered through strengthened cyber defence, intelligence sharing, and multilateral tech security cooperation.
Written by: Sojib Biswas, Journalist (Views expressed in the above piece are personal and solely those of the author.)
There were three simultaneous campaigns from March to June 2025, and Proofpoint observed three China-linked groups targeting Taiwan’s chip ecosystem. While there was a wide range of targets, the phishing attacks hit chip manufacturers, designers, testing labs, supply-chain companies, and even investment analysts covering Taiwan’s semiconductor ecosystem. It was ascertained that all campaigns aimed to steal technical and market intelligence. This escalation is part of a larger strategic effort from China, not merely to steal intellectual property but to degrade Taiwan’s technological leadership and economic stability, both of which are vital to the US-aligned supply chains and regional deterrence.
It is a fact that Taiwan’s semiconductor industry is one of the most geopolitically significant sectors and a critical pillar of global technology supply chains. Proofpoint’s research echoes this as they found that Chinese APT actors have long targeted semiconductors, but “we are currently observing an elevated level of targeting of the industry by China-aligned groups compared to historical activity”. Cybersecurity news outlets reported that Beijing is increasingly using cyberattacks as a weapon to undermine Taiwan’s chips and, by extension, Taiwan’s national defence. In the context of the ongoing Western measures (like new US sanctions) aimed at slowing China’s chip-making capabilities, these attempts highlight the declining advancement in the Chinese chip industry.
In May and June 2025, a group Proofpoint calls UNK_FistBump launched multiple spear‑phishing campaigns against Taiwanese chipmakers. The attackers posed as Taiwanese graduate students seeking jobs, sending fake recruitment emails to HR and engineering staff. A second cluster, UNK_DropPitch, targeted the financial side of Taiwan’s chip industry. Between April and May 2025, this group posed as a fictitious investment firm and emailed analysts at major banks. The phishing emails promised a potential collaboration on chip-related investment, but contained malicious PDFs. Notably, the targets were not chip fabs themselves but investment analystsspecialising in semiconductors. This suggests the attackers were harvesting market intelligence, for example, insight into upcoming chip products or industry developments, rather than attempting immediate financial fraud.
A third actor, UNK_SparkyCarp, ran a credential‑stealing phishing campaign in early 2025. It focused on a single Taiwanese semiconductor firm, sending messages that mimicked legitimate security notices. Proofpoint also noted that multiple Chinese-affiliated groups were probing Taiwan’s semiconductor ecosystem at the same time. So far, about 15–20 organizations in Taiwan have been targeted across these campaigns. They range from large corporations to mid-size companies and consulting analysts. Major Taiwanese chip makers include industry leaders like Taiwan Semiconductor Manufacturing Co. (TSMC), MediaTek, United Microelectronics Corp. (UMC), Nanya Technology, and RealTek Semiconductor.
These are troubling patterns indicating an expansion in Chinese espionage, threatening global semiconductor supply chains. While cyberattacks to steal semiconductor secrets are not new, the sustained increase and coordination in early 2025 stands out. Reportedly, these operations came amid rising US restrictions on US-designed chips going to China. By stealing design and process information from Taiwan, Chinese authorities may hope to overcome shortages in their domestic chip industry caused by US export controls. However, Chinese officials publicly downplay such allegations. In response to questions, a spokesperson at China’s embassy in Washington stated that cyberattacks “are a common threat faced by all countries”, and that China “firmly opposes and combats all forms of cyberattacks and cyber crime,” a position it has reiterated in the past. This boilerplate denial did not address the specific targeting of Taiwan’s semiconductor ecosystem.
For China, Taiwan is both a geopolitical adversary and a technological goldmine. Gaining access to its semiconductor know-how, degrading its global reliability or destabilizing the global supply chain serves Beijing’s strategic goals on two fronts, it narrows the tech gap with the US and undermines Taiwan’s international standing as a secure investment and technology partner, while also sabotaging its socio-economic fabric. These cyber intrusions also dovetail with China's grey-zone tactics, which include disinformation campaigns, economic coercion, and military intimidation in the Taiwan Strait. By targeting analysts at investment firms, China may also be seeking to disrupt the financial standing of Taiwan’s semiconductor sector. These hybrid operations reveal the extent to which China views technology, information, and influence as interconnected tools of statecraft. The pattern of targeting not only fabs but also design teams, equipment makers, and financial analysts shows a broad intelligence effort across the chip ecosystem, going after less obvious areas. In short, the campaign underscores Taiwan’s chips as a strategic asset, by weakening Taiwan’s lead or stealing its technology, China could bolster its semiconductor sector and erode Taiwan’s economic security.
In conclusion, the wave of cyberattacks targeting Taiwan’s semiconductor ecosystem is more than espionage; it is an act of geopolitical pressure. It reflects China’s urgent need to compensate for its isolation from key technologies and to weaken a crucial node in the US-aligned global tech order. These attacks are also a stark reminder that US export controls, particularly under the Trump and Biden administrations, are having a tangible impact. As China’s path to semiconductor self-sufficiency faces growing obstacles, cyber tools will likely remain central to Beijing’s toolkit, not just to steal but to sabotage, influence, and destabilise. For Taiwan and its partners, this represents not only an economic risk but a national security threat that must be countered through strengthened cyber defence, intelligence sharing, and multilateral tech security cooperation.
Written by: Sojib Biswas, Journalist (Views expressed in the above piece are personal and solely those of the author.)
