- Proofpoint observed UNK_FISTBUMP, UNK_DROPPITCH and UNK_SPARKYCARP taking part in the spear-phishing campaign
- The groups tried to deploy a range of backdoors and other malware
- The campaign is said to be part of a wider push to "achieve semiconductor self-sufficiency"
Several Chinese state-sponsored threat actors have coordinated attacks on the Taiwanese semiconductor industry, hitting manufacturers, supply-chain companies and financial investment analysts across the country.
This is according to researchers at cybersecurity firm Proofpoint, who say they observed at least three different groups participating in the campaign.
The groups are tracked as UNK_FISTBUMP, UNK_DROPPITCH and UNK_SPARKYCARP. Different security vendors sometimes label the same groups differently, but these appear to be new entrants to the world of state-backed cyber-espionage.
A fourth player
Their tactics, techniques and procedures (TTPs) differ somewhat from what has been observed in the past, which has led the researchers to conclude that these are new groups.
The attacks took place between March and June of this year and targeted "organizations involved in the manufacturing, design and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market", Proofpoint said.
The groups use different tools and tactics. In most cases the initial contact is made via phishing emails, but the malware, and the way it is delivered, varies from one group to another. Among the tools used in this campaign are Cobalt Strike, Voldemort (a custom C-based backdoor) and HealthKick (a backdoor that can execute commands), among others.
Proofpoint also mentioned a fourth group, tracked as UNK_COLTCENTURY (also known as TAG-100 and Storm-2077), which sought to build relationships with its victims before attempting to infect them with malware. This group tried to deploy a remote access Trojan (RAT) called Spark.
"This activity likely reflects China's strategic priority to achieve semiconductor self-sufficiency and reduce reliance on international supply chains and technologies, particularly in light of US and Taiwanese export controls," the researchers explained.
"These emerging threat actors continue to exhibit long-standing targeting patterns consistent with Chinese state interests, as well as TTPs and custom capabilities historically associated with China-aligned cyber-espionage operations."
China has had its eye on "reunifying" with Taiwan for years and has repeatedly conducted military exercises near the island nation.
Via The Hacker News