Chinese Hackers Steal From Taiwan's Semiconductor Industry

Privacy Cyber Security AH Nov AH 2019

News has emerged from Wired that Chinese Hackers have heavily pillaged Taiwan’s Semiconductor Industry. A campaign named Operation Skeleton Key has stolen source code, software development kits, chip designs, and more.

Hackers are becoming an increasing threat in our society. Recently Garmin was subject to a $10 million ransom fee from hackers. In the past, the U.S. has accused the Chinese government hackers of stealing technology.

This news will no doubt do little for China’s image on the international stage. There is no categoric evidence that this came from state-sponsored actors. However, China does have a history of similar actions toward Taiwan.


Chinese hackers target Taiwan’s semiconductor industry

Taiwan has been in conflict with China for its very existence for decades now. State-sponsored hackers have targeted the nation regularly during that time as well.

An investigation by a Taiwanese security firm has revealed the extent to which hackers have targeted their semiconductor industry.

At the Black Hat security conference, reports will be presented that detail the damage. The report shows that at least seven Taiwanese chip firms over the past two years were compromised by hackers.


The operation, name Skeleton Key appeared to aim to steal as much intellectual property as possible. This includes source code, software development kits, and chip designs.

Taiwanese security firm CyCraft previously named the group Chimera. However, new evidence links them to the state-sponsored group Winnti.

Chad Duffy, one of the CyCraft researchers made a statement on the news. He said, “This is very much a state-based attack trying to manipulate Taiwan’s standing and power.”


Chung-Kuan Chen, who is another researcher noted that the breach “fundamentally damages a corporation’s entire ability to do business”.

Operation Skeleton Key damages Taiwanese industry

CyCraft declined to disclose any of the companies the breach compromised. The investigation found that in some cases, hackers gained access by compromising virtual private networks.

It is unclear as to whether they gained individual credentials or the servers themselves were vulnerable. Hackers then used a penetration tool called Cobalt Strike.


This disguises the malware before moving to other machines on the network. The investigation revealed that hackers were more interested in stealing credentials and legitimate features. Rather than implanting malware that could reveal their identities.

Investigation finds loose links to mainland China

CyCraft were able to intercept an authentication token from the hackers’ communications. This allowed them to browse the contents of the cloud server. This included the standard operating procedure for typical intrusions.

The link to mainland china came in the language. As it used simplified Chinese characters, therefore, the researchers were able to ascertain it came from mainland China. This is because the Taiwanese do not use these characters generally.


The investigation also found the hackers tended to operate largely within Beijing’s time zone. They took off mainland Chinese holidays and as well as the time schedule of work they used fitted with this theory.

One backdoor program revealed the most obvious clue to the researchers. Winnti had previously used the program in recent years. This allowed the investigation to draw the link between this group of hackers and mainland China.

Costin Raiu, the director of Kaspersky’s Global Research & Analysis Team noted that Winnti has formed a part of other state-sponsored hacking operations aimed at Taiwan. These go far beyond the semiconductor industry which this investigation detailed.


He said that “it’s possible that what they’re seeing is just a small fragment of a larger picture.” Duffy noted that the semiconductor industry was a vulnerable target.

He pointed out that stealing chip schematics could allow hackers to identify more vulnerabilities hidden in computing hardware.

CyCraft has conceded it does not know what the hackers plan to do with the stolen material. One of the most likely explanations was to give China’s semiconductor industry as leg up.


This story demonstrates the ever-present and increasing concern when it comes to hackers. It is likely they will play an even larger role going forwards. Hopefully, defense mechanisms will improve but if not there could be some serious problems for companies in the near future.