Duncan Riley | Siliconangle.com
An advanced persistent threat group from China is allegedly targeting Taiwanese companies, according to cybersecurity company CyCraft.
In a recent report into an APT they dub “Chimera,” researchers at CyCraft claim that the APT, under the name of “Operation Skeleton Key,” has a particular interest in hacking Taiwanese semiconductor companies. Taiwan is, depending on which way you look at it, an independent democracy and a country in its own right or a renegade province of China. Mainland China takes the latter view.
A nominally independent state off the coast of mainland China matters because Taiwan is also one of the world’s biggest producers of semiconductors. Lots of U.S. tech companies, as well as those from other parts of the world, have their technologies made in Taiwan. The island’s biggest company, Taiwan Semiconductor Manufacturing Company Ltd., manufactures chips and other products for Advanced Micro Devices Inc., Apple Inc., Broadcom Inc., MediaTek Inc., Nvidia Corp. and Qualcomm Inc., to name a few.
According to CyCraft, Chinese APTs targeted various Taiwanese semiconductor companies based in the Hsinchu Science Park in Hsinchu City. “The main objective of these attacks appeared to be stealing intelligence, specifically documents about IC chips, software development kits, IC designs, source code, etc.,” the researchers wrote. “If such documents are successfully stolen, the impact can be devastating.”
According to the research, the attack likely stems from “competitors or even countries” seeking to gain a competitive advantage over rivals. The Chinese Communist Party claims that Taiwan is a part of China, but, at least in 2021, despite its relatively small size as an island with 23.78 million people, Taiwan has been extraordinarily successful in the tech industry and does compete with mainland China for business.
Chimera is also called out in a report from NCC Group and Fox-IT as being behind the theft of not only semiconductor business information but also passenger data from the airline industry.
According to the Fox-IT report, Chimera regularly abuses cloud services from Google LLC and Microsoft Corp. to achieve its goals. The attacks are said to have included the use of a valid account to log in directly to a Citrix environment, with the hackers continuing their work from there.
“The revelation that advanced attackers, apparently based in China, have been targeting airline travel sites to track specific individuals, is not a surprise,” Saryu Nayyar, chief executive officer of unified security and risk analytics company Gurucul Solutions Pvt Ltd. A.G., told SiliconANGLE. “Tracking the travel patterns of individuals involved in certain industries or areas of research is information of great value to a State level intelligence agency. While it is the kind of specific information that might be useful to a cybercriminal going after a specific target, it is guaranteed to be useful to a rival state agency.”
Chloé Messdaghi, chief strategist at cybersecurity intelligence firm Point3 Security Inc., noted that this type of data stalking on a mass scale is criminal.
“While we don’t know if this is a state-sponsored actor, a proxy for a nation state or a monetization player, we do know that the Biden administration will be tackling cybersecurity policy on these types of threats with new ferocity and historic vigor,” Messdaghi said. “We’re optimistic that we now have a president who will evaluate and act upon trustworthy information, and is taking preemptive actions to strengthen our cybersecurity, risk mitigation and personal privacy.”