China-backed TA415 group intensifies cyber aggression, targeting Taiwan's semiconductor production and supply networks
In a swiftly evolving geopolitical landscape, the semiconductor industry has emerged as a crucial focal point for cyber espionage activities. A recent report unveils the role of TA415, a China-aligned cyber espionage group, in escalating operations targeting U.S.-China economic relations, particularly within the semiconductor sector.
Between March and June 2025, TA415 conducted spear-phishing campaigns targeting Taiwanese semiconductor organizations. The group masqueraded as various reputable entities, including the current Chair of the Select Committee on Strategic Competition between the United States and the Chinese Communist Party (CCP), as well as the US-China Business Council. The phishing emails purported to request input from the targets on draft legislation aimed at establishing a comprehensive sanctions framework against China.
The phishing emails typically contained links to password-protected archives hosted on public cloud sharing services such as Zoho WorkDrive, Dropbox, and OpenDrive. TA415's primary objective is likely the collection of intelligence on the trajectory of U.S.-China economic ties.
Indicted members of the group reportedly claimed to have links to China's civilian foreign intelligence service, the Ministry of State Security (MSS). According to U.S. government indictments, TA415 operates as a private contractor located in Chengdu, China, under the company name Chengdu 404 Network Technology.
TA415 has expanded its area of activity to organizations in the US government, think tanks, and academic institutions dealing with U.S.-China relations since 2020. The group consistently uses legitimate services for command and control (C2), including Google Sheets, Google Calendar, and VS Code Remote Tunnels.
TA415's phishing campaigns delivered an infection chain that attempts to establish a Visual Studio Code (VS Code) Remote Tunnel, enabling the threat actor to gain persistent remote access without the use of conventional malware. This tactic allows TA415 to bypass traditional security measures and maintain a covert presence within targeted networks.
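Because the tunnel is started by a legitimate, signed tool, defenders have to look at how it was launched rather than at what binary ran. The following is an added example, not taken from the report: it triages process-creation records for VS Code CLI tunnel launches. The field names follow Sysmon Event ID 1, while the `Host` key, the parent-process list and the sample records are assumptions constructed for illustration.

```python
from pathlib import PureWindowsPath
import re

# Assumption: a developer starts a tunnel from a terminal, not from these parents.
ODD_PARENTS = {"python.exe", "pythonw.exe", "wscript.exe", "cscript.exe",
               "mshta.exe", "winword.exe", "excel.exe", "outlook.exe"}
# code.exe, code.cmd, code-insiders.exe and similarly named VS Code CLI binaries.
CODE_CLI = re.compile(r"^code(-[a-z]+)?(\.exe|\.cmd)?$")

def classify(event):
    """Return None, 'review' or 'high' for one process-creation record."""
    image = PureWindowsPath(event["Image"]).name.lower()
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    tokens = [t.strip('"').lower() for t in event["CommandLine"].split()]
    if "tunnel" not in tokens:
        return None
    is_cli = bool(CODE_CLI.match(image))
    # The licence flag belongs to the VS Code CLI, so it also catches a
    # copy of the binary that has been renamed.
    unattended = "--accept-server-license-terms" in tokens
    if not (is_cli or unattended):
        return None  # some other tool that has a "tunnel" subcommand
    # Escalate: odd parent, renamed binary, or installation as a service.
    if parent in ODD_PARENTS or not is_cli or "service" in tokens:
        return "high"
    return "review"  # may be a developer's own tunnel; confirm with the user

def triage(events):
    """Map host -> verdict for every record that matched."""
    return {e["Host"]: v for e in events if (v := classify(e))}

# Constructed sample records, not real telemetry.
SAMPLE = [
    {"Host": "WS-DEV01", "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "Image": r"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe",
     "CommandLine": r'"C:\Users\dev\AppData\Local\Programs\Microsoft VS Code\Code.exe" tunnel'},
    {"Host": "WS-FIN07", "ParentImage": r"C:\Users\j\AppData\Local\Temp\x\pythonw.exe",
     "Image": r"C:\Users\j\AppData\Local\Temp\x\code.exe",
     "CommandLine": "code.exe tunnel --accept-server-license-terms --name ws-fin07"},
    {"Host": "WS-ENG12", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\ProgramData\updater.exe",
     "CommandLine": "updater.exe tunnel --accept-server-license-terms"},
    {"Host": "SRV-EDGE", "ParentImage": r"C:\Windows\System32\services.exe",
     "Image": r"C:\Tools\cloudflared.exe", "CommandLine": "cloudflared.exe tunnel run"},
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `review` verdict is expected on developer workstations; on hosts where nobody uses VS Code, any match is worth investigating.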
The activities of TA415 occur amid ongoing negotiations and uncertainty surrounding the future of U.S.-China economic and trade relations. Proofpoint attributes the activity detailed in this report, and historical activity using the custom Voldemort backdoor, to TA415 with high confidence.
In a separate development, eight semiconductor companies have been attacked and extorted by ransomware actors since the start of 2022, according to a report by Recorded Future. The attackers used various ransomware families, including LockBit, LV ransomware, and Cuba ransomware.
As the semiconductor industry continues to play a pivotal role in shaping the global economy, it remains a prime target for cyber espionage and ransomware attacks. Organizations must remain vigilant and implement robust cybersecurity measures to protect their assets and maintain their competitive edge.