Hackers Target Chip Makers
Another indication of the strategic importance of the foundational semiconductor industry is a recent surge in cyberattacks directed at global chip manufacturers.
Security researchers in Taiwan reported earlier this year that a year-long cyber campaign emanating from China launched advanced persistent threat attacks against Taiwan’s sprawling chip foundry ecosystem. Dubbed Operation Skeleton Key, a reference to the skeleton key injector technique used in the attacks, the security vendor CyCraft reported that state-sponsored hackers stole chip intellectual property from Taiwanese manufacturers.
“The main objective of these attacks appeared to be stealing intelligence, specifically documents about IC chips, software development kits (SDKs), IC designs, source code,” the cyber vendor reported. “If such documents are successfully stolen, the impact can be devastating.”
The company investigated cyberattacks during 2018 and 2019 on companies located in Hsinchu Science Park, headquarters of Taiwan Semiconductor Manufacturing Co., the world’s largest chip foundry. A 2017 ransomware attack halted production at TSMC for three days, costing the foundry more than $170 million.
CyCraft reported that pandemic-related lockdowns at the end of 2019 heightened the threat since hackers “thrive on exactly this kind of environment.” The result was stepped up attacks on virtual private networks that snatched proprietary chip data.
Even encrypted VPNs exhibited unexpected security gaps, is some cases allowing attacks to go unnoticed for nearly a year. “Within minutes, [attackers were] able to inject malware that would allow for a digital skeleton key,” CyCraft said. “With this key, [attackers] gained unfettered access to all machines within their Windows domain, bypassing login security measures with ease—a true security nightmare.”
The security researcher is working with semiconductor industry groups to overhaul and update fab security. SEMI, which represents chip equipment vendors and customers such as Intel and Samsung, has proposed a cybersecurity standard. The spec would define security requirements for fab equipment to block the spread of malware in chip foundries.
For example, new equipment and devices would be scanned for malware before installation. The group said malware scanning is a “proven method to protect against the introduction and transmission of malicious code.”
Further, the standard would “harden” equipment in order to reduce security threats in chip fabs, including configuration specifications to ensure vulnerabilities are not introduced on factory networks.
Meanwhile, another security specialist reported this week that its survey of chip makers found server communications exposed on the Internet. During a two-week period in August, security vendor Expanse discovered “risky” Internet exposures on chip makers’ RDP and Telnet servers. (RDP stands for remote desktop protocol; the Telnet protocol provides access over an IP network.)
“At least five organizations had communications with RDP and Telnet servers respectively,” said Matt Kraning, Expanse’s co-founder and CTO. The company “discovered 25 exposed RDP servers associated with five organizations total. RDP servers are a common target for attackers because they allow access to a device via a graphical user interface from a remote location.”
Given the growing focus on semiconductor technology and it expanding role in economic and national security, industry groups and security experts warn that chip makers must strengthen defenses such as securing foundry networks.
“The need for visibility into semiconductor organizations’ communications has never been more urgent,” Kraning said.