Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting

July 17, 2025, 8:44 p.m.

Description

Between March and June 2025, three Chinese state-sponsored threat actors conducted targeted phishing campaigns against the Taiwanese semiconductor industry. The campaigns targeted organizations involved in semiconductor manufacturing, design, testing, supply chain, and financial analysis. This activity likely reflects China's strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains. The threat actors used various tactics including job application lures, investment collaboration pitches, and credential phishing. They deployed custom malware like Voldemort backdoor and HealthKick, as well as tools like Cobalt Strike. The targeting extended beyond semiconductor companies to include financial analysts specializing in the Taiwanese semiconductor market, indicating comprehensive intelligence collection efforts across the sector.

External References

https://www.proofpoint.com/us/blog/threat-insight/phish-china-aligned-espionage-actors-ramp-up-taiwan-semiconductor-targeting
https://otx.alienvault.com/pulse/687957dc6d81747b3ef02228
Tags
espionage
phishing
cobalt strike
sparkrat
voldemort
2025-07-17
semiconductor
unk_droppitch
unk_sparkycarp
unk_fistbump
healthkick

Date

  • Created: July 17, 2025, 8:06 p.m.
  • Published: July 17, 2025, 8:06 p.m.
  • Modified: July 17, 2025, 8:44 p.m.

Indicators

  • fc8f7185a90af4bf44332e85872aa7c190949e3ec70055a38af57690b6604e3c
  • ffd69146c5b02305ac74c514cab28d5211a473a6c28d7366732fdc4797425288
  • d783c40c0e15b73b62f28d611f7990793b7e5ba2436e203000a22161e0a00d0e
  • ec5fef700d1ed06285af1f2d01fa3db5ea924de3c2da2f0e6b7a534f69d8409c
  • d51c195b698c411353b10d5b1795cbc06040b663318e220a2d121727c0bb4e43
  • d3a71c6b7f4be856e0cd66b7c67ca0c8eef250bc737a648032d9d67c2c37d911
  • cd009ea4c682b61963210cee16ed663eee20c91dd56483d456e03726e09c89a7
  • bbdad59db64c48f0a9eb3e8f2600314b0e3ebd200e72fa96bf5a84dd29d64ac5
  • bab8618bc6fc3fdfa7870b5fe0f52b570fabf0243d066f410a7e76ebeed0088c
  • 82ecfe0ada6f7c0cea78bca2e8234241f1a1b8670b5b970df5e2ee255c3a56ef
  • 85e4809e80e20d9a532267b22d7f898009e74ed0dbf7093bfa9a8d2d5403f3f9
  • 9b2cbcf2e0124d79130c4049f7b502246510ab681a3a84224b78613ef322bc79
  • 7bffd21315e324ef7d6c4401d1bf955817370b65ae57736b20ced2c5c08b9814
  • 366d7de8a941daa6a303dc3e39af60b2ffacaa61d5c1fb84dd1595a636439737
  • 4ee77f1261bb3ad1d9d7114474a8809929f4a0e7f9672b19048e1b6ac7acb15c
  • 338f072cc1e08f1ed094d88aa398472e3f04a8841be2ff70f1c7a2e4476d8ef7
  • 1a2530010ecb11f0ce562c0db0380416a10106e924335258ccbba0071a19c852
  • 13fad7c6d0accb9e0211a7b26849cf96c333cf6dfa21b40b65a7582b79110e4b
  • 0d992762c69d624a1f14a8a230f8a7d36d190b49e787fd146e9010e943c5ef78
  • 084b92365a25e6cd5fc43efe522e5678a2f1e307bf69dd9a61eb37f81f304cc6
  • 1016ba708fb21385b12183b3430b64df10a8a1af8355b27dd523d99ca878ffbb
  • 000062e9e212231328b660f759f8878ac47604b9609f71c05ad19d7ef56b17a8
  • 82.118.16.106
  • 82.118.16.72
  • 80.85.156.234
  • 80.85.157.116
  • 80.85.156.237
  • 80.85.154.48
  • 80.85.154.101
  • 45.141.139.222
  • 43.247.132.96
  • 80.85.157.145
  • 31.192.234.97
  • 166.88.61.35
  • www.twmoc.info
  • menglunwuluegg226@proton.me
  • lonelyboymaoxcz231@proton.me
  • amelia_w_chavez@proton.me
  • mx.moctw.info
  • ttot.accshieldportal.com
  • ema.moctw.info
  • elliot-alderson-978.pserver.space
  • elliot-alderson-974.pserver.space
  • elliot-alderson-973.pserver.space
  • elliot-alderson-971.pserver.space
  • elliot-alderson-972.pserver.space
  • elliot-alderson-97.pserver.space
  • elliot-alderson-151.pserver.space
  • elliot-alderson-15.pserver.space
  • aqrm.accshieldportal.com
  • api.moctw.info
  • moctw.info
  • acesportal.com
  • accshieldportal.com
Download all indicators here!

Additional Informations

  • Semiconductor
  • Technology
  • Finance
  • Manufacturing
  • Taiwan