September 27, 2025
Between March and June 2025 the Chinese-aligned threat group TA415 stepped up cyber espionage against Taiwanese semiconductor manufacturers, chip designers, and supply-chain companies. The group used spear-phishing lures (job applications, collaboration offers) to deliver malware including Cobalt Strike, its custom Voldemort backdoor, and HealthKick (loaded via DLL sideloading). It also targeted investment analysts who cover the semiconductor sector, and sent fake invitations purporting to come from prominent U.S. political committees to U.S. think tanks, academic institutions, and government organizations.
TA415’s tactics include using Visual Studio Code Remote Tunnels and trusted cloud services (Google Sheets, Calendar, cloud sharing services) to hide command-and-control operations. The group impersonated high-profile individuals and used domain trust to lure victims. The attacks align with China’s aim of boosting semiconductor self-sufficiency and reducing reliance on foreign supply chains. Proofpoint classifies TA415 as a state-sponsored actor with strong overlaps to APT41, Wicked Panda, and Brass Typhoon, and sees this escalation as part of broader economic and trade policy tensions between the U.S. and China.
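Because Visual Studio Code Remote Tunnels are a legitimate developer feature, the defensive question raised by this campaign is how to tell expected tunnel use from a tunnel that an intruder has stood up for command and control. The following hunt is an added example written for this summary; it is not code from Proofpoint or from any tooling attributed to TA415. It assumes endpoint process-creation and network-connection events have been normalised to JSON lines with the field names used below, that the VS Code CLI is launched under one of the listed binary names, and (from public VS Code documentation) that tunnel traffic is relayed through hosts under `tunnels.api.visualstudio.com`. The sample events are constructed for illustration.

```python
"""Hunt for VS Code Remote Tunnel activity in normalised endpoint telemetry.

Added example, not Proofpoint's or TA415's code. Field names ("type", "host",
"parent", "image", "cmdline", "dest_host", "dest_port") are an assumed schema.
"""
import json
import re
import shlex
from dataclasses import dataclass

# Assumption: binary names the VS Code CLI commonly ships under. Extend for your fleet.
VSCODE_BINARIES = {
    "code", "code.exe", "code-insiders", "code-insiders.exe",
    "code-tunnel", "code-tunnel.exe",
}

# Assumption (from public VS Code docs): relay domain used by Remote Tunnels.
TUNNEL_DOMAIN_SUFFIX = "tunnels.api.visualstudio.com"


@dataclass(frozen=True)
class Finding:
    host: str
    severity: str   # "high", "medium" or "info"
    reason: str
    evidence: str


def _basename(path: str) -> str:
    """Last path component, lower-cased, with surrounding quotes removed."""
    return re.split(r"[\\/]", path.strip('"')).pop().lower()


def _argv(cmdline: str) -> list:
    # posix=False keeps Windows backslashes intact instead of treating them as escapes.
    try:
        return [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]
    except ValueError:
        return cmdline.split()


def check_process(ev: dict, allowed_hosts) -> "Finding | None":
    """Flag a VS Code binary started with the 'tunnel' subcommand."""
    argv = _argv(ev.get("cmdline", ""))
    if not argv or _basename(argv[0]) not in VSCODE_BINARIES or "tunnel" not in argv[1:]:
        return None
    host = ev["host"]
    severity = "info" if host in allowed_hosts else "high"
    reason = f"VS Code tunnel CLI started (parent: {ev.get('parent', '?')})"
    return Finding(host, severity, reason, ev["cmdline"])


def check_network(ev: dict, allowed_hosts) -> "Finding | None":
    """Flag connections to the tunnel relay, weighted by which process made them."""
    dest = ev.get("dest_host", "").lower().rstrip(".")
    if not (dest == TUNNEL_DOMAIN_SUFFIX or dest.endswith("." + TUNNEL_DOMAIN_SUFFIX)):
        return None
    host = ev["host"]
    proc = _basename(ev.get("image", ""))
    if proc not in VSCODE_BINARIES:
        severity, reason = "high", f"non-VS Code process '{proc}' reached the tunnel relay"
    elif host in allowed_hosts:
        severity, reason = "info", "tunnel relay traffic from an approved developer host"
    else:
        severity, reason = "medium", "tunnel relay traffic from a host not approved for tunnels"
    return Finding(host, severity, reason, f"{proc} -> {dest}:{ev.get('dest_port', '?')}")


def hunt(lines, allowed_hosts=frozenset()) -> list:
    """Run both checks over JSON-lines (or already-parsed dict) events."""
    checkers = {"process": check_process, "network": check_network}
    findings = []
    for line in lines:
        ev = json.loads(line) if isinstance(line, str) else line
        checker = checkers.get(ev.get("type"))
        finding = checker(ev, allowed_hosts) if checker else None
        if finding:
            findings.append(finding)
    return findings


# Constructed sample telemetry: one finance workstation where Word spawned a
# tunnel, one approved developer box, benign noise, and an odd relay connection.
SAMPLE_EVENTS = [
    {"type": "process", "host": "WS-FIN-07", "parent": "winword.exe",
     "image": "C:\\Users\\a.lee\\AppData\\Local\\Temp\\code.exe",
     "cmdline": "C:\\Users\\a.lee\\AppData\\Local\\Temp\\code.exe tunnel --accept-server-license-terms --name ws-fin-07"},
    {"type": "process", "host": "DEV-LNX-02", "parent": "bash",
     "image": "/usr/bin/code", "cmdline": "/usr/bin/code tunnel"},
    {"type": "process", "host": "WS-FIN-07", "parent": "explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe", "cmdline": "notepad.exe report.txt"},
    {"type": "network", "host": "WS-FIN-07",
     "image": "C:\\Users\\a.lee\\AppData\\Local\\Temp\\code.exe",
     "dest_host": "global.rel.tunnels.api.visualstudio.com", "dest_port": 443},
    {"type": "network", "host": "WS-HR-03",
     "image": "C:\\Windows\\System32\\svchost.exe",
     "dest_host": "usw2.rel.tunnels.api.visualstudio.com", "dest_port": 443},
]
SAMPLE_LOG = [json.dumps(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG, allowed_hosts={"DEV-LNX-02"}):
        print(f"[{f.severity:6}] {f.host}: {f.reason} | {f.evidence}")
```

The allowlist is what keeps this usable: tunnel use by known developer hosts is logged at informational level, while a tunnel started from a document-handling parent process on a non-developer workstation, or relay traffic from a process that is not VS Code at all, is escalated. Pair the process check with the network check, since a renamed or dropped copy of the CLI will still have to reach the relay domain.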