Chinese state-backed hackers targeted Taiwan’s semiconductor sector (March–June 2025) using spear-phishing to deploy malware and steal data, according to The Hacker News. Three groups—UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp—hit chipmakers, supply chains, and analysts. Separately, Salt Typhoon breached a US National Guard network, exposing critical security flaws. Meanwhile, China is building a cyber army by restricting hackers from global contests and channeling talent into domestic competitions, such as the Tianfu Cup, reports Bloomberg. Vulnerabilities found are kept secret and used for state-sponsored cyber operations, boosting China’s espionage capabilities and raising global security concerns. Hacker News writes:
The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three previously undocumented Chinese state-sponsored threat actors.
“Targets of these campaigns ranged from organizations involved in the manufacturing, design, and testing of semiconductors and integrated circuits, wider equipment and services supply chain entities within this sector, as well as financial investment analysts specializing in the Taiwanese semiconductor market,” Proofpoint said in a report published Wednesday. […]
“This activity likely reflects China’s strategic priority to achieve semiconductor self-sufficiency and decrease reliance on international supply chains and technologies, particularly in light of U.S. and Taiwanese export controls,” the company said. […]
The development comes as NBC News reported that the Chinese state-sponsored hackers tracked as Salt Typhoon (aka Earth Estries, Ghost Emperor, and UNC2286) broke into at least one U.S. state’s National Guard, signaling an expansion of its targeting. The breach is said to have lasted for no less than nine months between March and December 2024.
The breach “likely provided Beijing with data that could facilitate the hacking of other states’ Army National Guard units, and possibly many of their state-level cybersecurity partners,” a June 11, 2025, report from the U.S. Department of Defense (DoD) said.[…]
“The group’s sustained presence suggests they were gathering more than just files, they were likely mapping infrastructure, monitoring communication flows, and identifying exploitable weak points for future use. What’s deeply concerning is that this activity went undetected for so long in a military environment. It raises questions about visibility gaps, segmentation policies, and detection capabilities in hybrid federal-state defense networks.”
Read more here.
