Skip to main content
Mallory
Back to threat actors
1 malware family

unk_coltcentury

Also known asUNK_ColtCentury

UNK_ColtCentury is a China-aligned threat actor tracked by Proofpoint that overlaps with TAG-100 and Storm-2077. In October 2024, the group targeted legal personnel at Taiwanese semiconductor organizations using benign conversation-starter or cold emails intended to build trust. Proofpoint assessed that this activity was likely an attempt to ultimately deliver the SparkRAT backdoor. The targeting fits a broader pattern of China-aligned espionage activity against Taiwan’s semiconductor ecosystem, including related legal personnel connected to the industry.

Share:
Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial
OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Who they target

Sectors the actor has been observed targeting.

  • semiconductors
  • legal
ARSENAL

Associated malware families

1 malware family attributed to this actor across reporting.

FamilyContextEvidenceLast seen
SparkRAT...UNK_ColtCentury... likely an attempt to deploy the SparkRAT backdoor.1Mar 18, 2026
ACTIVITY FEED

Recent activity

3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

3 SOURCESView more in app
dark readingNews
Jul 18, 2025
4 Chinese APTs Attack Taiwan's Semiconductor Industry

UNK_ColtCentury is a Chinese APT that targeted legal personnel at Taiwanese semiconductor companies with phishing emails, likely leading to SparkRAT backdoor infections.

Read more
the hacker newsNews
Jul 17, 2025
Chinese Hackers Target Taiwan's Semiconductor Sector with Cobalt Strike, Custom Backdoors

Engaging in trust-building email campaigns targeting legal personnel in Taiwanese semiconductor organizations to deliver Spark RAT.

Read more
proofpoint threat insight blogNews
Jul 16, 2025
Phish and Chips: China-Aligned Espionage Actors Ramp Up Taiwan Semiconductor Industry Targeting 

China-aligned cluster observed sending benign 'conversation starter' emails to legal personnel at a Taiwanese semiconductor organization, assessed as pretexting to enable follow-on malware deployment (likely SparkRAT).

Read more
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.
Start free trial
Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal1

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.

unk_coltcentury | Mallory