Government researchers believe Chinese state-sponsored actors (APT) are likely to engage in cyber espionage activities targeting the US semiconductor industry. The aim would be to help improve domestic production and reduce China’s reliance on US-made semiconductors, as laid out in its “Made in China” (MIC) 2025 plan. Recently lifted sanctions against Chinese company ZTE highlight China’s reliance on US semiconductors. The US blocking of Chinese acquisitions of US semiconductor firms likely undercut China’s ability to acquire intellectual property that would help improve Chinese chip design and production.[1]
Researchers place low confidence in this analysis due to a lack of recent reporting on Chinese cyber intrusions against US semiconductor firms. However, Chinese leadership has long held the view that intellectual property theft through cyber espionage is a valid means to close the technology gap between the Chinese and international semiconductor markets.
China viewed its reliance on foreign semiconductors as a national security risk prior to the denial of export privileges. Chinese leadership has since renewed its focus on homegrown innovation in core technology, which includes semiconductors. China plans to invest heavily in and prioritize development of its semiconductor industry in accordance with its MIC 2025 plan, which calls for domestic chips to account for 70 percent of the domestic market by 2025. This goal will likely fail due to inadequacies in current Chinese technology. China continues to use cyber espionage to support strategic development goals, including science and technology advancements, and has expansive efforts in place to acquire US technology, which includes proprietary information. Thus, the focus on Chinese APT cyber economic espionage against foreign firms remains high.
Mitigations
This current US government advisory highlights the need to remain vigilant in your cyber security practices.
- Phishing attacks remain one of the top methods hackers use to try to enter networks. Be suspicious of emails that do not look familiar, especially from a supply chain company of yours. This includes emails from the owners or corporate heads to subordinates (which may be uncommon to the employee). Check return email or domain addresses, which may be typo-squatted.
- Use reliable anti-virus protection to protect against malware. Always update anti-virus programs and apply up-to-date patches for your various applications.
- Always consider insider threats, even if you are a small business.
- Passwords should be “strong,” meaning a password must consist of at least six characters. Change your passwords on a routine basis. If feasible, use a 2 party authentication service.
For questions, comments or assistance regarding this report, please contact Wapack Labs or Trusted Internet LLC at 603-606-1246, or feedback@wapacklabs.com
[1] US DHS, HIA, dtd 10 SEP 2018