Chinese state-backed threat actors target Taiwan’s semiconductor sector with Cobalt Strike and custom backdoors.

Recent months have seen a significant escalation in cyber espionage campaigns targeting Taiwan’s vital semiconductor industry, attributed to Chinese state-backed threat actors. These sophisticated operations, reported from March through June 2025 and potentially ongoing, are believed to be aimed at acquiring proprietary technology, disrupting business operations, and gathering sector intelligence. The uptick in attacks aligns with China’s strategic drive for semiconductor self-sufficiency amid increasingly restrictive export controls imposed by the United States and its allies.

Taiwan’s National Security Bureau Issues Public Warning on Data Risks from Chinese Social Media Apps.

Taiwan’s National Security Bureau (NSB) has issued a formal public alert regarding significant data security risks posed by several Chinese social media applications, including TikTok (Douyin), Weibo, and RedNote (Xiaohongshu). The advisory follows a comprehensive review of these platforms’ data handling practices and their close ties to China, raising concerns about privacy and national security.

New threat actor, HoldingHands, targeting organizations in Taiwan.

The “HoldingHands” threat actor is part of a broader, ongoing campaign targeting organizations in Taiwan since at least January 2025. The group employs a variety of malware tools, including the HoldingHands Remote Access Trojan (RAT), also known as Gh0stBins, as well as other malware strains such as Winos 4.0 and Gh0stCringe. These tools are often delivered through phishing emails that impersonate official communications from Taiwan’s National Taxation Bureau or other trusted entities, using lures related to taxes, invoices, and pensions to trick recipients into opening malicious attachments.

Silver Fox is ramping up attacks against Taiwan using malware variants linked to the Gh0st RAT family.

Silver Fox APT (also known as Void Arachne) has intensified cyberattacks against Taiwan using sophisticated malware variants linked to the Gh0st RAT family, including Winos 4.0 and ValleyRAT. While “Gh0stCringe” and “HoldingHands RAT” are not explicitly named in recent reports, the group’s tactics align with evolving Gh0st RAT derivatives.