In a concerning development for the global technology supply chain, sophisticated threat actors have launched a coordinated campaign exploiting previously unknown vulnerabilities in critical semiconductor manufacturing systems.

These zero-day exploits are enabling attackers to penetrate the networks of leading chip manufacturers, potentially compromising intellectual property worth millions and threatening production capabilities essential to industries ranging from consumer electronics to defense systems.

The attacks, which began surfacing in early 2025, represent a significant escalation in cyber operations targeting the semiconductor sector.

The semiconductor industry has become an increasingly attractive target due to its strategic importance in global technology and national security frameworks.

These companies design and manufacture the chips that power everything from smartphones and laptops to cars and medical equipment, making them valuable targets for both criminal enterprises seeking financial gain and nation-state actors pursuing technological advantages.

The complex global supply chains these companies rely on create numerous entry points for determined attackers, while the high cost of production downtime makes them particularly vulnerable to extortion attempts.

DarkOwl researchers [identified](https://www.darkowl.com/blog-content/darknet-threats-targeting-semiconductor-companies/) a disturbing trend where zero-day vulnerabilities in Industrial Control Systems (ICS), SCADA environments, and chip manufacturing equipment are being openly traded on darknet forums and private communication channels.

"We've observed a significant increase in discussions specifically targeting firmware vulnerabilities in semiconductor manufacturing equipment, particularly ASML lithography systems and ARM-based architectures," noted a senior threat researcher at DarkOwl.

These vulnerabilities are fetching premium prices on underground markets due to their potential for both [espionage](https://cybersecuritynews.com/a-new-espionage-hacking-campaign-targeting-telecoms/) and sabotage operations.

The implications of successful attacks extend far beyond the targeted companies themselves.

Compromised semiconductor components could potentially contain embedded malicious firmware before deployment, creating [security risks](https://cybersecuritynews.com/the-cybersecurity-risks-of-smart-buildings/) that propagate throughout critical infrastructure sectors.

Several major semiconductor firms have already experienced significant breaches, including the theft of proprietary GPU designs and employee credentials, [ransomware](https://cybersecuritynews.com/ransomware-attack-prevention-checklist/) attacks demanding multi-million dollar payments, and the leaking of sensitive engineering documentation and firmware signing keys on underground forums.

**Infection Mechanism Analysis**

The primary infection vector leverages a sophisticated multi-stage attack chain beginning with exploits targeting vulnerable network edge devices commonly used in manufacturing environments.

The initial compromise typically occurs through a memory corruption vulnerability in the device firmware update mechanism.

Once exploited, attackers deploy a custom-developed payload that establishes persistence while evading standard detection methods.

A particularly concerning aspect of this campaign is the exploitation of a zero-day vulnerability in commonly used Electronic Design Automation (EDA) tools.

The vulnerability allows for arbitrary code execution when parsing certain file formats, as demonstrated in this simplified proof-of-concept:

```python
def trigger_vulnerability(target_file):
    with open(target_file, 'rb') as f:
        header = f.read(16)
        if header[0:4] != b'EDAX':
            return False
    # Crafting malicious payload
    payload = b'A' * 256 + struct.pack('
```

The post [Threat Actors Actively Attacking Semiconductor Companies With 0-Day Exploits](https://cybersecuritynews.com/threat-actors-actively-attacking-semiconductor-companies/) appeared first on [Cyber Security News](https://cybersecuritynews.com).
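A defensive triage check for inbound design files, added here as an example and not code from the article or from DarkOwl: it relies only on the `EDAX` magic and 16-byte header visible in the snippet above and flags long runs of a single printable byte after the header, the kind of filler that snippet builds. The threshold, function names and sample bytes are assumptions constructed for illustration.

```python
MAGIC = b"EDAX"      # magic value checked by the article's snippet
HEADER_LEN = 16      # header size read by the article's snippet
MIN_RUN = 64         # assumed threshold; tune against real design files


def longest_printable_run(data):
    """Return (length, offset) of the longest run of one repeated printable byte."""
    best_len, best_off, i = 0, 0, 0
    while i < len(data):
        j = i + 1
        while j < len(data) and data[j] == data[i]:
            j += 1
        # NUL/0xFF padding is normal in binary formats, so only printable filler counts.
        if 0x21 <= data[i] <= 0x7E and j - i > best_len:
            best_len, best_off = j - i, i
        i = j
    return best_len, best_off


def triage(blob, min_run=MIN_RUN):
    """Classify one file's bytes without parsing anything beyond the fixed header."""
    if len(blob) < HEADER_LEN or blob[:4] != MAGIC:
        return {"edax": False, "suspicious": False, "run_length": 0, "offset": None}
    run_len, off = longest_printable_run(blob[HEADER_LEN:])
    suspicious = run_len >= min_run
    return {"edax": True, "suspicious": suspicious, "run_length": run_len,
            "offset": HEADER_LEN + off if suspicious else None}


# Constructed samples (not real design files).
SAMPLE_BENIGN = MAGIC + bytes(12) + bytes(range(256)) + bytes(128)
SAMPLE_FILLER = MAGIC + bytes(12) + b"A" * 256 + bytes(range(1, 9)) + bytes(512)

if __name__ == "__main__":
    for name, blob in (("benign", SAMPLE_BENIGN), ("filler", SAMPLE_FILLER)):
        print(name, triage(blob))
```

A hit is a reason to quarantine the file and open it only in an isolated environment; it is a heuristic and does not replace bounds checking in the parser itself.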
Related Tags:
NAICS: 334 – Computer And Electronic Product Manufacturing
NAICS: 81 – Other Services (except Public Administration)
NAICS: 336 – Transportation Equipment Manufacturing
NAICS: 541 – Professional, Scientific, Technical Services
NAICS: 518 – Computing Infrastructure Providers, Data Processing, Web Hosting, Related Services
NAICS: 92 – Public Administration
NAICS: 922 – Justice, Public Order, Safety Activities
NAICS: 33 – Manufacturing – Metal, Electronics And Other
NAICS: 51 – Information