A state-sponsored strategic hacking campaign that emanated from China has hit Taiwan's prized semiconductor industry. Semiconductors are a vital component of smartphones and computer manufacturing tools, and the revenue that Taiwan earned from this industry was US$87.6 billion in 2019. The attacks were first discovered by CyCraft Technology, a Taiwan-based cyber security firm.
The Sunday Guardian spoke to Chad Duffy, one of CyCraft’s researchers who worked on this particular exercise, who said that the hacking was carried out to hurt Taiwan strategically. According to him, the hackers targeted at least seven vendors in the semiconductor industry in 2018 and 2019, stealing source code and chip-related software. According to CyCraft, the campaign targeted computing firms situated at a sprawling campus in northwest Taiwan. Excerpts:
Q: When was the attack first discovered and how?
A: We first discovered the attack in early to mid-2019, via our MDR (Managed Detection and Response) monitoring services.
Q: You have mentioned that the attack has damaged the entire semiconductor industry. What made you arrive at this conclusion?
A: The scope of the attack is quite large, covering at least seven Taiwan vendors, and affecting various components of the supply chain as well. It looks to be an ecosystem attack rather than a specific purpose attack on one manufacturer. I didn’t say that it affected the entire global industry, but there remains the potential for that level of ramification, if the attackers are successfully able to leverage similar attacks on other vendors globally.
Q: Were you able to identify the origin and the identity of the cyber hackers?
A: We have found evidence leading us to believe that it could be related to China, and possibly the Winnti group, due to the timing of the attacks, linguistic evidence left behind, and similarities in their attacking tools with the Winnti group.
Q: What were the hackers looking for?
A: It appears that the goal of the attackers was intellectual property theft.
Q: Do you believe it was a state-sponsored attack? If so, what has made you reach this conclusion?
A: The scope and sophistication of the attack, combined with the level of professionalization of the attackers and their work habits, further combined with the duration and goals of the attack, and the likely political motives in addition to previous similar behaviour from state-sponsored groups.
Q: The cyber capabilities of companies operating in Taiwan are among the best and yet they suffered damages. Are companies based in India, too, even more susceptible to such attacks?
A: Any organisation that is not able to defend against highly sophisticated advanced persistent threats will be vulnerable to them, in India or elsewhere in the world, as we are all on the internet. As advanced persistent threat actors’ tactics consistently vary and grow in sophistication, it is hard for any organisation to keep up. This is why it is necessary to employ a new set of solutions, like the ones CyCraft produce, which are capable of stopping these new kinds of attacks by making use of the latest advances in AI to their fullest extent. India has a growing body of sophisticated cyber defenders, but just as in America and Europe, there is a dearth of talent and India must employ the next level of technology to fill this gap.