China-linked hackers target Taiwan’s chip industry with increasing attacks, researchers say

TAIPEI – Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber-espionage campaigns, researchers said on July 16.

While hacking to steal data and information about the industry is not new, there is an increase in sustained hacking campaigns from several China-aligned hacking groups, researchers with cyber-security firm Proofpoint said in a new analysis.

“We’ve seen entities that we hadn’t ever seen being targeted in the past being targeted,” said Mr Mark Kelly, a threat researcher focused on Chinese-related threats at Proofpoint.

The previously unreported hacking campaigns were carried out by at least three distinct Chinese-linked groups primarily between March and June 2025, with some activity likely ongoing, Proofpoint said.

They come amid rising restrictions by Washington on exports to China of US-designed chips that are often manufactured in Taiwan.

China’s chip industry has been working to replace its dwindling supply of sophisticated US chips, especially those used in artificial intelligence.

The researchers declined to identify the hacking targets, but told Reuters that approximately 15 to 20 organisations – ranging from small businesses to analysts employed by at least one US-headquartered international bank to large global enterprises – faced attacks.

Major Taiwanese semiconductor firms include Taiwan Semiconductor Manufacturing Company (TSMC), MediaTek, United Microelectronics Corporation, Nanya Technology and Realtek Semiconductor. TSMC declined to comment while the others did not respond to requests for comment.

Reuters was unable to identify the specific hacking targets or determine whether any of the efforts were successful.

A spokesperson for the Chinese Embassy in Washington told Reuters in an e-mail that cyber attacks “are a common threat faced by all countries, China included”, and that Beijing “firmly opposes and combats all forms of cyber attacks and cybercrime – a position that is consistent and clear”.

The activity ranged from one or two e-mails sent as part of the more targeted campaign focused on specific people, to as many as 80 e-mails when trying to gain information from the company at large, Mr Kelly said.

One group targeted semiconductor design, manufacturing and supply-chain organisations using compromised Taiwanese university e-mail accounts to pose as job seekers and send malware via PDFs with URLs leading to malicious files, or a password-protected archive.

Another targeted financial analysts at major unnamed investment firms focused on the Taiwanese semiconductor industry by posing as a fictitious investment firm and seeking collaboration. Two of the entities are based in Asia, while the third is based in the US. The Federal Bureau of Investigation declined to comment.

A representative of TeamT5, a cyber-security firm based in Taiwan, said the firm had also seen an increase in e-mails being sent targeting the semiconductor industry tied to a few hacking groups, “but not a wide or general phenomenon”.

Targeting of semiconductors and the supply chain around them “is a persistent threat that has existed for long”, the representative said, and a “constant interest” for Chinese-related advanced hacking operators.

These groups often target “peripheral suppliers or related industries”, the representative said, such as a situation in June where a China-linked hacking group identified by TeamT5 as “Amoeba” launched a phishing campaign against an unnamed chemical company that plays a critical role in the semiconductor supply chain. REUTERS