China is hacking its way into the semiconductor industry of Taiwan, a global leader in manufacturing equipment used in hi-tech electronic devices, including those in medical diagnostics.
That China seeks to lead in the emerging semiconductor and chip-making industry is no secret, but a cybersecurity firm has now exposed a concerted Chinese effort across two years to hack into leading Taiwanese firms.
Taiwan's semiconductor industry is the core of its economy even as China lags in the shadows. Owing to Taiwan's early mover advantage and experience in the semiconductor industry, world leaders in electrical and electronic device manufacturing such as Samsung, Google and Apple depend on Taiwanese firms to produce customised chipsets for their devices. It's evident that replacing Taiwan in this spot is near impossible for China.
China's Hacking of Taiwanese Semiconductor Firms
Taiwan has been on the receiving end of attacks by Chinese hackers and China's state-sponsored institutions. The hacking and espionage activities have mostly been for surveillance and intelligence gathering.
An investigation by a Taiwanese cyber security firm, CyCraft, has revealed a deep penetration into the systems of Taiwanese semiconductor companies by Chinese hackers in 2018 and 2019.
At the Black Hat security conference last week, researchers from CyCraft presented details of a hacking campaign that may have compromised internal data of at least seven Taiwanese chip firms over the past two years.
The series of deep intrusions, called 'Operation Skeleton Key' because of the attackers' use of a 'skeleton key injector' technique, seems to be aimed at stealing intellectual property (IP), including source code, software development kits, and chip designs from these companies.
The company's findings include evidence that links the hackers to China and possible links to the Chinese state-sponsored hacker group Winnti, also known as Barium, or Axiom.
Hacking the Hackers
CyCraft was able to unmask this entire operation by literally hacking the hackers. CyCraft engineers intercepted a communication between an affected company's network and the hackers' command-and-control server. Upon gaining access to this cloud server, CyCraft experts got a glimpse of the hacking group's activities, including a standard operating procedure document written in Chinese.
Speaking exclusively to India Today, Chad Duffy, the Global Product Manager at CyCraft Technology Corp, explains the hacking modus operandi.
"These are large, sophisticated hacking groups that are often state-sponsored or sometimes criminal organisations. A couple of things in common are that they have a large team of very sophisticated hackers, a lot of financial resources, and they often operate much more like a business in terms of having specialised units that do specific kinds of activity."
He says these attackers have been trying to do things that closely mimic regular behaviour, and this is called "living-off-the-land" attacks where hackers use Google or Microsoft Azure or AWS services to launch their attacks because it's harder to trace and detect such attacks.
"These semiconductor vendors have high uptime requirements. Hence, they cannot shut anything down. This means that they often operate with legacy software products. Hence, it leaves them vulnerable and open to special sets of attacks," he says.
Explaining the state backing and a possible Chinese plot, he says these hacking groups are well sponsored. "Looking at the political motivations around it, there are strong suspicions that it's a state-sponsored attack. We have been tracing a lot of cyberattacks of similar nature for a while now. We're seeing a lot of patterns in the style of attack, the dates of the attack and the hours during which these are coordinated (Chinese work hours)."
The investigation found evidence in the form of documents written in simplified Chinese characters from the files used by the hackers, pointing to mainland China. "The hackers are also using sophisticated tools that point to state-backed machinery. It's very seldom that an individual hacker or even a remote group will have this level of sophistication."
Asked about the nature of the hacking setup, he replied: "This group operates like a corporate entity. The hackers work on a disciplined nine to six timeline. There are no activities during Chinese holidays and little activity during late nights. These all point to a very large and sophisticated infrastructure."
He further adds that the international cyber security community is aware that China has an estimated 100,000 full-time hackers.
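The working-hours pattern described above can be checked against intrusion timestamps. The following Python sketch is an added example, not CyCraft's tooling: it scores every UTC offset by how many events fall inside a nine-to-six working week and lists weekdays with no activity. The timestamps are constructed sample data and all function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

WORK_START, WORK_END = 9, 18  # the "nine to six" day described in the article

def build_sample_events():
    """Constructed UTC timestamps: two working weeks, one silent Friday, one late event."""
    events = []
    for day in (3, 4, 5, 6, 10, 11, 12, 13, 14):   # June 2019 weekdays; the 7th is silent
        for utc_hour in (1, 3, 6, 9):               # 09:00, 11:00, 14:00, 17:00 at UTC+8
            events.append(datetime(2019, 6, day, utc_hour, 5, tzinfo=timezone.utc))
    events.append(datetime(2019, 6, 12, 15, 40, tzinfo=timezone.utc))  # late-night outlier
    return events

def workday_fraction(events, offset_hours):
    """Share of events that fall on Mon-Fri, 09:00-18:00, at the given UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    local = [ts.astimezone(tz) for ts in events]
    hits = sum(1 for t in local if t.weekday() < 5 and WORK_START <= t.hour < WORK_END)
    return hits / len(events)

def best_offsets(events):
    """Return (offsets with the highest workday fraction, that fraction)."""
    scores = {off: workday_fraction(events, off) for off in range(-12, 15)}
    top = max(scores.values())
    return sorted(off for off, s in scores.items() if s == top), top

def silent_weekdays(events, offset_hours):
    """Weekdays between the first and last event that show no activity at all."""
    tz = timezone(timedelta(hours=offset_hours))
    active = {ts.astimezone(tz).date() for ts in events}
    day, last = min(active), max(active)
    silent = []
    while day <= last:
        if day.weekday() < 5 and day not in active:
            silent.append(day)
        day += timedelta(days=1)
    return silent

if __name__ == "__main__":
    events = build_sample_events()
    offsets, share = best_offsets(events)
    print(f"best-fitting UTC offsets: {offsets} ({share:.0%} of events in working hours)")
    print("silent weekdays:", [d.isoformat() for d in silent_weekdays(events, offsets[0])])
```

UTC+8 also covers Taiwan and several other countries, so a working-hours fit narrows the field only when weighed together with the other evidence the article lists, such as the simplified Chinese documents.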
The Hacking Methodology
It appears that the hackers obtained initial access to company networks via the respective virtual private networks (VPNs). The hackers then used a customised version of a penetration testing tool called Cobalt Strike and planted malware under the name of a Google Chrome update file. After this, they used a command-and-control server hosted on cloud services such as Google or AWS, making it harder to detect the source.
The hackers moved from the initial access points to multiple other networks and directories, accessing sensitive data across databases using cryptographic hashing mechanisms, which helped crack the passwords.
The primary aim was to get their hands on sensitive data rather than to infect systems. A significant finding was the use of a trick known as 'skeleton key injection', which involves manipulating domain controllers and servers by adding an additional password for every user in the Active Directory (AD) server to gain access across the machines and directories of a company.
Taiwan's Semiconductor Supremacy
Taiwan is home to the world's largest contract chipmakers, with Taiwan Semiconductor Manufacturing Company (TSMC) leading the pack with around 52 per cent share in the global chipmakers market.
Taiwan is also the world's biggest semiconductor equipment market, having purchased the highest amount of semiconductor production equipment as of December 2019.
The Taiwanese chipmakers are currently developing sophisticated chips, including 7nm, 5nm and even 3nm processors, that require huge investments in facilities and technologies. This places Taiwan at the top of the table, with even China lagging behind by two generations when it comes to chip manufacturing. Companies like Apple, AMD, Qualcomm and other market leaders source their chipsets from Taiwan.
The USA houses the closest competitor to Taiwanese chip makers in the form of Intel, but even Intel has now indicated that it may give up manufacturing chipsets owing to extensive delays in coming out with its latest set of chipsets. This sent the share prices of Taiwanese chip makers soaring, especially that of TSMC. It is also expected that Intel may outsource its production of chips to TSMC and may depend on it for the 6nm chipsets.
This firmly places TSMC and the other Taiwanese semiconductor companies well above the rest. No wonder China wants a share of this pie!
Poaching of Taiwanese Talent
Large-scale chip projects backed by the Chinese government have started to mushroom in China in the hope of replicating the efforts of Taiwanese firms. These Chinese firms have regularly been looking to poach talent from Taiwanese firms and have done so by offering large financial packages to employees willing to switch bases.
It is estimated that over 100 experienced executives and engineers have left TSMC alone in the past year to work for new and upcoming Chinese chip makers. Overall, around 3,200 employees have shifted to Chinese firms from Taiwanese firms. Chinese firms themselves rely on a lot of Taiwanese chip makers for their own production lines and this is something China wants to reduce immediately. Quanxin Integrated Circuit Manufacturing (Jinan), or QXIC (founded in 2019), and Wuhan Hongxin Semiconductor Manufacturing Co., or HSMC (founded in 2017), are the frontrunners to lead the Chinese revolution in semiconductor and chip manufacturing.
These two firms are looking to develop 12nm and 14nm chipsets. To show how far China is lagging behind Taiwan, the latter is already in line to produce 5nm and 3nm processors.
Can China oust Taiwan as the Market Leader?
The outflow of talent from TSMC and other firms may not immediately impact Taiwan's semiconductor industry, as the experience and innovation that they possess cannot be substituted by a few employees jumping ship.
But the real worry has been about trade secrets, design knowledge and other know-how being transferred to Chinese firms, which may compromise the USP of Taiwanese firms. So as a start, TSMC signed modified contracts with its equipment suppliers to not sell any of the customised tools meant for TSMC to other firms, especially from China.
Other firms which are not as big as TSMC may soon feel the pinch owing to brain drain. Chinese firms have the scale and support from the Chinese government and hence not a lot may come in their way to offset this balance.
Given that the bulk of the top clients are continuing to do business with the Taiwanese firms, it will take a herculean amount of work to change this and grab the market share. It is this that pushes China to indulge in espionage and hacking.
Taiwan's Balancing Act with China and USA
The central place of TSMC and other Taiwanese firms in the Silicon Valley ecosystem makes them gravely sensitive to the cold war that is brewing between China and the USA. As the rift between the two world powers widens, each is determined to safeguard its supply of semiconductors from attack by the other, which has resulted in redefining their respective relationships with TSMC.
TSMC has no clear substitutes. Hence, it has been caught in the tug of war between China and the USA.
The USA decided to exploit China's weakness, its dependence on TSMC, by issuing a regulation that effectively prohibited TSMC from selling chips and processors to Huawei. If TSMC did not oblige, it would mean that the firm would have to sever ties with American firms. TSMC obliged.
TSMC gets 60 per cent of its sales from the USA and only 20 per cent of its sales from China. With the recent developments concerning Intel and its decision to outsource chipsets, TSMC may breathe easy for now, as its stock price has risen by a whopping 50 per cent since May 2020. It remains to be seen how TSMC and Taiwan balance this phase.
(The writer is a Singapore-based Open-Source Intelligence analyst.)