Press ReleaseCyber Crime & ForensicCyber Safety

Proofpoint Warns of Growing Cyber Espionage in Taiwan

A Familiar Adversary Might Might Be Stepping Up Its Efforts Versus Taiwan

Photo of CSA Editorial CSA Editorial Send an email July 23, 2025
1 minute read
Proofpoint

Singapore may have avoided a technical recession with a 1.4% rebound in Q2 GDP, but cybersecurity researchers at Proofpoint are warning of a growing external risk that could ripple across the region’s tech and trade sectors, including Singapore’s.

Proofpoint has released new insights uncovering a significant escalation in China-aligned cyber espionage operations targeting Taiwan’s critical semiconductor industry. The findings reveal a concerted and expanding effort by multiple state-sponsored threat actors to infiltrate and gather intelligence from this vital sector—a development that may have deeper implications for Singapore manufacturing resilience, supply chain stability, and economic momentum in the second half of 2025.

Notably, this surge in activity likely reflects China’s strategic imperative to achieve semiconductor self-sufficiency and reduce its reliance on international supply chains, especially considering recent US and Taiwanese export controls.

Key findings from the latest Proofpoint study include:

  • At least three distinct China-aligned threat actors—UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp—targeted Taiwanese semiconductor firmsand ecosystem players in a series of highly targeted phishing campaigns between March and June 2025.
  • Campaigns spanning the entire semiconductor ecosystem, from core manufacturing to specialised financial analysis, indicating a comprehensive intelligence gathering mandate.
  • Threat actors leveraging employment-themed lures, fictitious collaboration proposals, and credential phishing, often using compromised university accounts or custom Adversary-in-the-Middle (AiTM) frameworks.
  • Observations of the deployment of custom backdoors like Voldemort and HealthKick, alongside the use of legitimate tools for persistence and remote access, showcasing the adaptability of these groups.
  • The analysis revealed shared infrastructure patterns, including the use of Russian VPS providers and SoftEther VPN servers, offering clues into the operational security of these state-backed groups.

For the full Proofpoint report, click HERE.

 

Tags
Photo of CSA Editorial CSA Editorial Send an email July 23, 2025
1 minute read
Photo of CSA Editorial

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Artificial Intelligence

Why Artificial Intelligence Depends on Secure Energy

July 23, 2025

2025 Online Identity Study: Global Consumers Fear AI-Powered Fraud in Travel Industry

July 22, 2025
Check Point

Check Point Research Reveals Dramatic 21% Global Surge in Cyberattacks in Q2 2025

July 22, 2025
UNC6148

Google Threat Intelligence Group Uncovers UNC6148 on SonicWall Secure Mobile Access 100 Series Appliances

July 22, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

(c) Asia Online Publishing Group 2024 - Media and PR enquiries - editor@aopg.net