Chinese state hackers are said to have attacked Taiwanese chip manufacturers. In doing so, they allegedly stole designs, source code and SDKs. It is not known which companies were affected or how much information was actually stolen.
The perpetrators are said to be Chinese hackers paid by the state to steal trade secrets from chip manufacturers. The investigation was carried out by the Taiwanese security company CyCraft, which has named the advanced persistent threat group Chimera. The researchers call the attacks Operation Skeleton Key because the hackers allegedly used a ‘digital skeleton key’ to penetrate companies.
The CyCraft researchers saw that the attackers entered the companies by taking over VPNs. It is not clear whether they did this by stealing the VPN credentials or by exploiting vulnerabilities in the servers. Once inside the network, the attackers allegedly installed a modified version of the Cobalt Strike pen-testing tool, which they used to move around the network. In doing so, they used passwords found in databases on the network, or passwords stolen elsewhere.
The attackers also used custom tools based on other hacking tools such as Mimikatz to create new passwords for users in the domain controller’s memory. The password was the same every time, which led the CyCraft researchers to the name Skeleton Key.
The attackers allegedly attacked several chip manufacturers in Taiwan, although the company does not say which ones. The location mentioned is home to companies including TSMC and MediaTek. The group is said to have attacked various semiconductor makers and stolen confidential data between at least 2018 and 2019. This includes documents related to chip design, software development kits, and source code. It is not known how much information was actually stolen.