Bengaluru, India — August 12, 2025 — CloudSEK’s latest threat intelligence report, Silicon Under Siege: The Cyber War Reshaping the Global Semiconductor Industry, uncovers a rapidly escalating cyber threat landscape targeting the semiconductor sector – the digital backbone of modern civilization.
Powering everything from AI and defence systems to smartphones, clean energy, and healthcare, semiconductors have become both a strategic asset and a prime cyber target. The research reveals that nation-state-backed groups, ransomware operators, and hacktivists are waging a silent but highly coordinated cyber war — one that threatens economies, disrupts global supply chains, and risks the very foundation of critical infrastructure.
CloudSEK’s proof-of-concept showed how AI can be harnessed to design and embed hardware Trojans at the pre-design stage of a chip. Even a simple AI-generated implant can evade detection and, once manufactured, lie dormant for years until triggered – leaking sensitive data, falsifying outputs, or halting operations. More advanced AI-driven designs could tailor Trojans to bypass specific security checks, adapt to different architectures, and remain invisible across multiple verification stages, making them potent tools for espionage or sabotage in the semiconductor supply chain.
Key Findings from the CloudSEK Report
- Attack volume up sixfold since 2022 — Driven by espionage, supply-chain compromises, and state-sponsored campaigns.
- $1.05 billion in ransomware-related losses since 2018 — Including ransom payments, downtime, and recovery costs, crippling semiconductor operations worldwide.
- IT as initial attack vector — Over 60% of ICS breaches begin with IT (phishing, VPN exploits, CVEs, exposed interfaces and misconfigurations, default or leaked/compromised credentials, etc.) before pivoting to OT.
- Massive infrastructure exposure — The U.S. alone has ~2 million publicly reachable ICS assets linked to semiconductor operations, many potentially with weak or default controls.
- Massive Middle East ICS exposure — Across the Middle East, publicly reachable ICS & OT assets tied to semiconductor-linked manufacturing, and potentially to critical oil, gas, and industrial operations, remain exposed: UAE (~12.1K), Turkey (~10.8K), Saudi Arabia (~4.8K), Iran (~4.6K), Bahrain (~2.4K), and Qatar (~400), with potential vulnerabilities stemming from weak authentication, misconfigurations, and outdated protocols.
- High-value espionage incidents — In July 2025, China-backed APT41 infiltrated multiple Taiwanese semiconductor companies via a compromised software update, stealing proprietary chip designs and process data.
- Pre-silicon hardware Trojans — CloudSEK’s proof-of-concept AI-generated Trojan can remain dormant until triggered, leaking cryptographic keys while evading standard tests.
- Single vendor compromise cascading into global disruption — The 2023 MKS Instruments ransomware breach caused an estimated $250M in losses to Applied Materials in one quarter.
Geopolitics and the “Silicon Cold War”
The semiconductor race has become a strategic flashpoint in the global balance of power, with cyber espionage campaigns, supply chain intrusions, and state-backed sabotage now central to the contest:
- China — investing $150+ billion to achieve chip self-sufficiency and reduce reliance on Western tech.
- U.S. — committed $52 billion via the CHIPS Act to reshore manufacturing and secure supply chains.
- India — investing $10 billion in its semiconductor mission, aiming for a $100 billion market by 2030.
- Taiwan — produces over 60% of the world’s advanced chips, making it a critical node in the global tech ecosystem.
- Europe — facing converging geopolitical and infrastructure risks, as exemplified by a SCADA compromise of a Ukrainian power substation during the Russia–Ukraine conflict that used OT-aware malware to issue malicious control commands.
State-sponsored Advanced Persistent Threats (APTs) such as APT41, Volt Typhoon, and PlushDaemon are embedding themselves in software pipelines, EDA tools, and factory operations, shifting from mere data theft to long-term disruption strategies that can cripple production during geopolitical flashpoints.
Notable Campaigns and Case Studies
Historic Incidents
The semiconductor industry’s cyber risk is not new. Landmark events such as the 2010 Stuxnet sabotage of Iran’s Natanz facility, the 2018 TSMC WannaCry infection that halted iPhone chip production, and other high-profile attacks have long demonstrated the destructive potential of cyber threats to semiconductor-driven critical infrastructure.
Real-World Incidents Highlighting IT–OT Interdependencies
- Aliquippa Water Authority Breach (Nov 2023) — Default HMI credentials exposed Unitronics PLCs, demonstrating how simple IT misconfigurations can compromise industrial controls.
- UNC5221 VPN Exploitation (2025) — State-affiliated actors exploited CVE-2025-22457 in ICS VPN appliances to pivot into OT networks, spotlighting VPNs as critical OT entry points.
- Infostealer Malware Targeting Defense Contractors (Feb 2025) — Commodity stealers harvested credentials that could be used to access corporate VPNs and OT management interfaces.
- Medusa Ransomware Campaigns (2021–2025) — Active RaaS operations targeting legacy ICS/SCADA systems in manufacturing and supply chains, often combining encryption with IP extortion.
- Microchip Technology Breach (Aug 2024) — IT system compromise disrupted multiple facilities, causing ~$21M in losses and halting connected OT functions.
Emerging Threat Patterns Identified by CloudSEK
- Supply Chain Attacks — Targeting trusted vendors, software updates, and outsourced design services.
- Pre-silicon Design Compromise — Embedding hardware Trojans directly into chip designs during the design phase, remaining dormant and undetectable until after manufacturing.
- IT–OT Convergence Risks — Misconfigured SCADA dashboards, HMIs, and cleanroom controllers now searchable online, enabling attackers to “log in” rather than hack in.
- Ransomware with IP Extortion — Exfiltrating proprietary designs to pressure payments from both chipmakers and dependent industries.
Why It Matters
“Semiconductors are the new oil — and the new high ground in geopolitical conflict. These attacks don’t just threaten a company’s bottom line; they can disrupt national economies, weaken defence readiness, and shift global technological leadership. In many cases, the compromise is invisible until it’s too late — literally etched in silicon,” said Ibrahim Saify, Security Analyst, CloudSEK.
CloudSEK’s Strategic Recommendations for the Semiconductor Sector
- Isolate IT and OT Networks — Prevent lateral movement between corporate IT and manufacturing systems.
- Secure-by-Design Practices — Implement RTL integrity checks, formal logic verification, and traceable SBOMs for third-party IP.
- Continuous Attack Surface Monitoring — Detect exposed assets, leaked credentials, and unpatched CVEs before attackers exploit them.
- Vendor Risk Management — Enforce stringent security requirements for all suppliers and third-party service providers.
- Global Threat Intelligence Sharing — Collaborate across borders to detect and neutralize state-sponsored campaigns before they escalate.
CloudSEK’s BeVigil and XVigil platforms deliver real-time visibility into exposed IT/OT assets on the Internet, map vulnerable vendor ecosystems, and track emerging threat actor infrastructure, enabling chipmakers and suppliers to act before vulnerabilities become permanent features of the global tech landscape.