- Proofpoint says UNK_FISTBUMP, UNK_DROPPITCH and UNK_SPARKYCARP engage in spear-phishing
- The groups tried to deploy different backdoors and malware
- The campaign is part of a broader effort to “achieve self-sufficiency of the semiconductor” industry, experts claim
Several Chinese state-sponsored threat actors have coordinated attacks on the Taiwanese semiconductor industry, hitting production, supply chain and financial investment analysis companies across the country.
This is according to cybersecurity researchers at Proofpoint, who claim to have observed at least three different groups participating in the campaign.
The groups are tracked as UNK_FISTBUMP, UNK_DROPPITCH and UNK_SPARKYCARP. Different security vendors sometimes name the same groups differently, but these appear to be new participants in the cyber-criminal world.
A fourth player
Their tactics, techniques and procedures (TTPs) differ somewhat from what has been observed in the past, leading researchers to believe that these are new groups.
The attacks took place between March and June this year and targeted “organizations involved in the manufacture, design and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities in this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market,” Proofpoint said.
The groups use different tools and tactics. Most of the time, first contact is made through phishing emails, but the malware, and the way it is delivered, varies from group to group. Among the tools used in this campaign are Cobalt Strike, Voldemort (a C-based custom backdoor) and HealthKick (a backdoor that can run commands), among others.
Proofpoint also mentioned a fourth group, called UNK_COLTCENTURY (alias TAG-100 and Storm-2017), which tried to build rapport with its victims before attempting to infect them with malware. This group was looking to deploy a remote access Trojan (RAT) called Spark.
“This activity likely reflects China’s strategic priority of achieving self-sufficiency and reducing dependence on international supply chains and technologies, especially in light of US and Taiwanese export controls,” the researchers explained.
“These new threat actors continue to exhibit long-term targeting patterns that are in line with Chinese state interests, as well as TTPs and custom capabilities historically associated with China-aligned cyber espionage operations.”
China has been vocal about “reunifying” Taiwan for years now and has on several occasions conducted military exercises near the island.
Via The Hacker News