The Dutch semiconductor giant, NXP, fell victim to a prolonged cyber infiltration orchestrated by the Chinese-linked hacker group, Chimera, according to reports from NRC. The breach persisted for over two years, spanning from late 2017 to the beginning of 2020, during which the hackers allegedly pilfered intellectual property, particularly chip designs. NXP, a key player in Europe’s semiconductor market, faced a significant security compromise, raising concerns about the magnitude of the attack.
The clandestine breach only came to light when a similar cyberattack targeted Transavia, a Dutch airline subsidiary of KLM, in September 2019. Subsequent investigations into the Transavia incident revealed connections to NXP IPs, ultimately exposing the extended infiltration into NXP’s network. The signature modus operandi of the Chimera hacking group, including the deployment of their ChimeRAR tool, further confirmed their involvement.
Chimera’s entry into NXP’s network began with the exploitation of credentials sourced from previous data leaks on platforms like LinkedIn and Facebook. Employing brute force attacks to crack passwords and altering phone numbers to bypass double authentication measures, the hackers demonstrated a sophisticated and patient approach. Operating discreetly, they checked for new data to exfiltrate at intervals, utilizing encrypted files uploaded to popular online cloud storage services such as Microsoft’s OneDrive, Dropbox, and Google Drive.
NXP, a major force in the global semiconductor arena, holds significance in the market, especially following its acquisition of the American company Freescale in 2015. Renowned for developing secure Mifare chips for Dutch public transportation and secure elements for Apple’s Pay, NXP’s intellectual property was a prime target for the hackers.
Despite confirming the theft of intellectual property, NXP downplayed the impact, asserting that the stolen data’s complexity makes it challenging for replication. Consequently, the company opted not to disclose the breach to the public, citing the lack of immediate material damage. Nevertheless, the incident prompted NXP to fortify its cybersecurity measures. The company implemented enhanced monitoring systems and stringent controls on data accessibility and transfer within its network, aiming to thwart potential future breaches, safeguard its intellectual assets, and maintain the integrity of its systems. These proactive measures reflect NXP’s commitment to fortifying its defenses against cyber threats and ensuring the ongoing security of its valuable technological innovations.