Silicon under siege: Nation-state hackers target semiconductor supply chains

Cyberattacks targeting the global semiconductor industry surged more than 600% since 2022, with confirmed ransomware losses exceeding $1.05 billion since 2018, according to new research published Wednesday by cybersecurity firm CloudSEK.

The comprehensive threat landscape report documented how semiconductor-related cyber incidents evolved from isolated events to systematic campaigns driven by geopolitical tensions.

“The semiconductor race is no longer just a technological competition — it has become a strategic fault line in the global balance of power,” the report titled “Silicon Under Siege: The Cyber War Reshaping the Global Semiconductor Industry” stated.

The escalation has created unprecedented financial risks for individual companies. A single attack on Taiwan Semiconductor Manufacturing Company in 2023 resulted in an estimated $256 million loss when production halted for key components destined for Apple’s iPhone manufacturing, the report added.

Geopolitical competition fuels cyber espionage

The surge in attacks stems from an escalating technological competition between major powers, with semiconductors emerging as the new battleground for economic and military supremacy. The US-China chip conflict has fractured the global semiconductor supply chain, with Taiwan caught in the middle as the world’s dominant chip manufacturer, producing over 60% of global semiconductors.

China’s massive investment of over $150 billion to achieve chip self-sufficiency and reduce reliance on Western technology has intensified cyber espionage efforts targeting semiconductor intellectual property. Meanwhile, the US $52 billion CHIPS Act aims to reshore advanced manufacturing and restrict China’s access to cutting-edge chip technology.

“This escalating competition is fueling cyber campaigns focused on long-term infiltration,” the CloudSEK report noted, describing how APT groups embedded persistent access into software pipelines, design tools, and fabrication operations to steal technological secrets and position for potential disruption.

Taiwan’s strategic position makes it a particular target. The island’s semiconductor dominance has led to a stronger US military presence in the Asia-Pacific to deter potential Chinese aggression, while simultaneously making Taiwanese chip companies high-value espionage targets for state-sponsored hackers seeking to accelerate their own technological development, the report argued.

“Chips power everything from defense systems and AI platforms to energy grids and consumer electronics. Disrupting their flow can ripple across multiple industries and nations,” said Ibrahim Saify, security analyst at CloudSEK.

Financial impact reaches unprecedented levels

Beyond individual company losses, the broader threat landscape reveals systemic vulnerabilities. CloudSEK found approximately two million semiconductor-linked Industrial Control System assets in the US that remained publicly accessible via the internet, many with default or weak security settings.

According to Saify, enterprise exposure depends on three factors: “Dependency concentration — heavy reliance on single-source fabs, EDA vendors, or Tier 1/Tier 2 suppliers in high-threat regions dramatically amplifies risk.” Additional factors include IT-OT interconnectivity and an organization’s strategic profile.

“Cyberattackers are increasingly targeting the semiconductor sector because it sits at the intersection of global technology, economic power, and national security,” Saify explained.

Nation-state actors drive attack surge

This strategic targeting became evident in recent high-profile campaigns. According to the report, Taiwan’s National Communications and Cyber Security Center confirmed that China-backed APT41 infiltrated at least six semiconductor organizations in July 2025, including chip designers, foundries, and equipment makers.

“Entry was gained via a tampered software update for a widely used industrial control application, after which the actors installed cross-platform backdoors, harvested credentials, and exfiltrated hundreds of GB of IP over weeks while blending into normal encrypted cloud traffic,” Saify said.

The attackers maintained persistence for nearly two months using dual-operating system backdoors, redundant command-and-control infrastructure, and stolen domain credentials. “This was IP-centric espionage, not disruption,” Saify explained. “Even companies that don’t make chips inherit risk through software updates and supplier links.”

Other nation-state groups have adopted similar approaches. Russia’s Sandworm group demonstrated sophisticated operational technology attacks during the Ukraine conflict, while China’s Volt Typhoon group established footholds in US critical infrastructure supporting semiconductor fabrication facilities.

IT-OT convergence creates new attack vectors

These sophisticated campaigns exploit a fundamental vulnerability in modern semiconductor manufacturing: the convergence of information technology and operational technology systems. CloudSEK found that over 60% of Industrial Control System breaches began with IT vulnerabilities such as phishing or VPN exploits before threat actors moved laterally into operational environments.

“IT infrastructure, owing to its massive spike, has become the primary pathway into OT environments,” the report noted.

The November 2023 breach of Aliquippa Water Authority illustrated this vulnerability, where attackers exploited default passwords on an internet-facing system linked to water treatment controls. “Attackers don’t need to exploit vulnerabilities anymore. Often, they’re logging in,” the report stated.

Supply chain compromises cascade across industry

The interconnected nature of semiconductor manufacturing means that single-point failures can cascade across the entire ecosystem. The 2023 ransomware attack on MKS Instruments, a critical supplier to Applied Materials, disrupted manufacturing and shipping workflows across the broader semiconductor ecosystem. “In a globally distributed industry, your vendors are your attack surface,” the report stated.

Adding to these concerns, CloudSEK researchers demonstrated how AI agents could generate malicious code that embedded hardware Trojans during chip design, creating permanent vulnerabilities once etched in silicon. The proof-of-concept showed how “the malicious module was triggered only when specific inputs were provided, at which point it began leaking a secret key bit-by-bit.”

Recommended mitigation strategies

Given these escalating threats, Saify outlined three critical steps that CISOs should implement within 30-60 days: map and monitor semiconductor dependencies including operational technology assets like cleanroom controls; segment and secure IT-OT pathways by auditing connections and enforcing multifactor authentication for remote vendor access; and harden third-party access by requiring suppliers to patch exposed assets and validating software updates.
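The last of those steps, validating software updates before they reach production or OT systems, is the control that would have blocked the tampered industrial-control update described earlier. The following is an added illustration, not code from CloudSEK or from the report, of how an update-acceptance gate can be written: it authenticates a vendor manifest, checks the package hash against the manifest entry, and refuses downgrades. The manifest key, package names, version numbers and payload bytes are all constructed for the example; a real deployment would use a vendor's public-key signature on the manifest rather than the pre-shared HMAC key assumed here.

```python
import hashlib
import hmac
import json

# Assumption: a key shared out-of-band with the vendor authenticates the manifest.
# Constructed demo value, not a real secret.
MANIFEST_KEY = b"constructed-demo-key-not-a-real-secret"


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of a package, as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def version_tuple(version: str) -> tuple:
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Authentication tag over a canonical JSON encoding of the manifest."""
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def verify_update(filename: str, package: bytes, manifest: dict, tag: str,
                  key: bytes, installed_version: str) -> tuple:
    """Return (accepted, reason). Every check must pass before install proceeds."""
    # 1. The manifest itself must be authentic; otherwise an attacker who
    #    swaps the package can simply swap the expected hash as well.
    if not hmac.compare_digest(sign_manifest(manifest, key), tag):
        return False, "manifest authentication failed"
    # 2. Only packages the vendor actually published are eligible.
    entry = manifest.get(filename)
    if entry is None:
        return False, "package not listed in manifest"
    # 3. Refuse rollbacks to older (possibly vulnerable) releases.
    if version_tuple(entry["version"]) <= version_tuple(installed_version):
        return False, f"refusing downgrade or reinstall of {entry['version']}"
    # 4. The bytes on disk must match what the vendor published.
    if not hmac.compare_digest(sha256_hex(package), entry["sha256"]):
        return False, "package hash mismatch: possible tampering"
    return True, "ok"


# Constructed sample payloads standing in for a vendor update and a tampered copy.
GOOD_PACKAGE = b"ICS-CONTROL-AGENT v2.4.1 (constructed sample payload)"
TAMPERED_PACKAGE = GOOD_PACKAGE + b"\x00extra-bytes-appended"

# Constructed vendor manifest covering the genuine package only.
MANIFEST = {
    "ctrl-agent-2.4.1.bin": {"version": "2.4.1", "sha256": sha256_hex(GOOD_PACKAGE)},
}
MANIFEST_TAG = sign_manifest(MANIFEST, MANIFEST_KEY)


def run_checks() -> dict:
    """Exercise the gate against the scenarios a defender cares about."""
    # A manifest edited to match the tampered bytes, but without a valid tag.
    forged_manifest = {
        "ctrl-agent-2.4.1.bin": {"version": "2.4.1", "sha256": sha256_hex(TAMPERED_PACKAGE)},
    }
    return {
        "genuine": verify_update("ctrl-agent-2.4.1.bin", GOOD_PACKAGE,
                                 MANIFEST, MANIFEST_TAG, MANIFEST_KEY, "2.4.0"),
        "tampered": verify_update("ctrl-agent-2.4.1.bin", TAMPERED_PACKAGE,
                                  MANIFEST, MANIFEST_TAG, MANIFEST_KEY, "2.4.0"),
        "forged_manifest": verify_update("ctrl-agent-2.4.1.bin", TAMPERED_PACKAGE,
                                         forged_manifest, MANIFEST_TAG, MANIFEST_KEY, "2.4.0"),
        "downgrade": verify_update("ctrl-agent-2.4.1.bin", GOOD_PACKAGE,
                                   MANIFEST, MANIFEST_TAG, MANIFEST_KEY, "2.5.0"),
    }


if __name__ == "__main__":
    for scenario, (accepted, reason) in run_checks().items():
        print(f"{scenario:16s} accepted={accepted} reason={reason}")
```

The order of the checks matters: the manifest is authenticated first so that a package hash is never compared against a value the attacker controls, and the comparisons use `hmac.compare_digest` to avoid timing differences. Run as a script it prints one line per scenario; only the genuine, newer package is accepted.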

“Treat every exposed interface or default credential as an open door,” Saify warned, emphasizing that networked manufacturing systems create lateral pivot points for attackers. “With ICS and OT systems increasingly integrated into global supply chains and national infrastructure, the stakes are higher than ever.”
