China-linked hacking groups have intensified cyber-espionage against Taiwan’s semiconductor ecosystem, according to new research from cybersecurity firm Proofpoint. The firm said at least three distinct clusters—tracked as UNK_FistBump, UNK_DropPitch and UNK_SparkyCarp—ran separate but overlapping campaigns between March and June 2025, marking a sharp increase from previously sporadic activity. Roughly 15 to 20 medium- and large-sized organisations were probed, including chip designers, manufacturers, supply-chain partners and financial analysts who cover the sector.

Attackers used phishing emails crafted as job applications or collaboration requests to plant Cobalt Strike beacons and custom malware such as the “Voldemort” and “HealthKick” backdoors, giving them remote access to corporate networks and sensitive intellectual property. Proofpoint said the operations align with Beijing’s strategic goal of reducing reliance on foreign chip technology amid U.S. export controls.

The surge in activity comes alongside a separate disclosure that the China-linked group Salt Typhoon maintained covert access to a U.S. state’s Army National Guard network from March to December 2024. A Department of Defense memo, first reported by NBC News, said the breach enabled exfiltration of network diagrams, administrator credentials and personally identifiable information, underscoring the breadth of current Chinese cyber-espionage efforts.
Looks like the Taiwanese chip industry is becoming a hot target for Chinese state-sponsored hackers trying to nab trade secrets https://t.co/AZHt7AKKEc
Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors https://t.co/YsSkm47UjC
Exclusive: China-linked hackers target Taiwan's chip industry with increasing attacks, researchers say https://t.co/3RfOhn8Eqh