- UNK_FistBump, UNK_DropPitch and UNK_SparkyCarp seen engaging in phishing
- The groups were trying to deploy different backdoors and malware.
- The campaign is part of a broader push to “achieve semiconductor self-sufficiency”, experts say
Multiple Chinese state-sponsored threat actors have been coordinating attacks against the Taiwanese semiconductor industry, hitting manufacturing companies and financial investment analysis firms throughout the country.
That is according to cybersecurity researchers at Proofpoint, who say they have observed at least three different groups participating in the campaign.
The groups are tracked as UNK_FistBump, UNK_DropPitch and UNK_SparkyCarp. Different security vendors sometimes label the same groups differently, but these appear to be new entrants to the cybercrime world.
A fourth player
Their tactics, techniques and procedures (TTPs) differ somewhat from what was observed in the past, which leads the researchers to believe these are new groups.
The attacks occurred between March and June of this year and targeted “organizations involved in the manufacturing, design and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market,” Proofpoint said.
The groups use different tools and tactics. Most of the time, initial contact is made through phishing emails, but the malware and the way it is delivered vary from group to group. Among the tools used in this campaign are Cobalt Strike, Voldemort (a custom C-based backdoor) and HealthKick (a backdoor that can run commands), among others.
Proofpoint also mentioned a fourth group, called UNK_ColtCentury (also known as TAG-100 and Storm-2077), which tried to build a rapport with its victims before attempting to infect them with malware. This group sought to deploy a remote access trojan (RAT) called Spark.
“This activity likely reflects China’s strategic priority to achieve semiconductor self-sufficiency and reduce its dependence on international supply chains and technologies, particularly in light of US and Taiwanese export controls,” the researchers explained.
“These emerging threat actors continue to exhibit long-standing targeting patterns consistent with Chinese state interests, as well as TTPs and custom capabilities historically associated with China-aligned cyber operations.”
China has talked about “reclaiming” Taiwan for years and has, on numerous occasions, carried out military exercises very close to the island nation.
Via The Hacker News