Chipmakers face rising cyber threats tied to geopolitics: CloudSEK report

CloudSEK report warns that the semiconductor industry is facing a surge in cyber attacks, from ransomware to AI-designed hardware Trojans.

As semiconductors power everything from smartphones and medical devices to defense systems and AI, they are now a prime target for hackers, according to CloudSEK's report Silicon Under Siege: The Cyber War Reshaping the Global Semiconductor Industry.

The research shows that state-backed groups, ransomware gangs, and activist hackers are focusing on chipmakers more than ever. These attacks jeopardize not just individual companies, but also supply chains, economies, and national security.

CloudSEK's findings reveal that AI is already being used to create hardware Trojans—malicious code hidden in chips before they reach production. Even basic implants can slip through testing and go inactive for years. When triggered, they might leak sensitive data, alter chip outputs, or disable systems. More advanced designs could adapt to bypass security checks, making them valuable tools for espionage and sabotage.

What the data shows

The scale of the problem is rising quickly. Since 2022, attack volume has grown sixfold, driven by espionage and state-linked campaigns. Ransomware has also left a heavy mark, causing more than US$1 billion in losses since 2018, including ransom payments, downtime, and recovery.

Most breaches begin in IT networks through phishing, weak VPNs, or stolen credentials before spreading into industrial systems. In the US, about two million Internet-facing industrial devices linked to chipmaking remain exposed, many with weak or default settings. Similar gaps exist in the Middle East, where thousands of vulnerable systems in countries like the UAE, Turkey, and Saudi Arabia leave critical operations open to attack.

Espionage is also expanding. In July 2025, the China-backed group APT41 infiltrated several Taiwanese chipmakers by using a compromised software update, seizing designs and process data. And even a single ransomware incident can spread worldwide. The 2023 attack on MKS Instruments rippled through the supply chain, costing Applied Materials an estimated $250 million in one quarter.

The geopolitical contest

The cyber threat is deeply tied to global politics. China has invested more than U$150 billion to build chip self-sufficiency, while the United States has allocated US$52 billion under the CHIPS Act. India has committed $10 billion with hopes of growing the sector to US$100 billion by 2030. Taiwan, producing more than 60% of the world's advanced chips, remains the most critical hub.

With such high stakes, advanced threat groups are moving from simple data theft to strategies aimed at long-term disruption. By embedding themselves in design tools and software pipelines, they are preparing attacks that could be triggered during political flashpoints.

"Semiconductors are the new oil — and the new high ground in geopolitical conflict," said Ibrahim Saify, Security Analyst at CloudSEK.

"These attacks don't just threaten a company's bottom line; they can disrupt national economies, weaken defence readiness, and shift global technological leadership."

Isolate IT and manufacturing systems

CloudSEK recommends chipmakers isolate IT and manufacturing systems, adopt secure design practices, monitor exposed assets, and hold suppliers to stronger security standards. Sharing intelligence across borders will also be key as attacks increasingly cross national lines.

The industry has long known it is vulnerable. But as cyber campaigns grow sharper and more political, the risks are harder to ignore.