Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors
Briefly

Spear-phishing campaigns run by three Chinese state-sponsored groups targeted Taiwan's semiconductor industry between March and June 2025. Targets included manufacturers, designers, and analysts in this sector. The threat actors, tracked as UNK_FistBump, UNK_DropPitch, and UNK_SparkyCarp, used employment-themed phishing to deliver malicious software. UNK_FistBump employed Cobalt Strike and a custom backdoor named Voldemort. Attackers impersonated graduate students, sending emails with a disguised malicious LNK file. The Voldemort-linked activity is assessed as distinct from similar threat activity attributed to TA415, despite shared characteristics.
The Taiwanese semiconductor industry has become the target of spear-phishing campaigns undertaken by three Chinese state-sponsored threat actors. Targets ranged from organizations involved in semiconductor manufacturing to financial investment analysts specializing in this market.
UNK_FistBump has targeted semiconductor design and supply chain organizations in employment-themed phishing campaigns that delivered Cobalt Strike or a custom backdoor known as Voldemort.
In the attack chain, the threat actor posed as a graduate student and sent recruitment personnel emails containing a disguised LNK file that triggers the malware.
The use of Voldemort has been linked to a threat actor called TA415, associated with APT41 and Brass Typhoon, though the UNK_FistBump activity is assessed as distinct from TA415's.
Read at The Hacker News