According to the Dutch newspaper NRC, a Chinese-linked hacker group called Chimera managed to infiltrate the network of the Dutch semiconductor giant NXP for two and a half years, from the end of 2017 to the beginning of 2020. During this time, hackers stole the company’s intellectual property, including chip designs. However, all the details of the incident were not disclosed. This attack on NXP, Europe’s largest chip manufacturer, is described as shocking.It went unnoticed for two and a half years
According to the report, hackers went undetected for two and a half years while navigating the company’s network. The attack was discovered after a similar attack occurred on Dutch airline Transavia, a subsidiary of KLM. Hackers accessed Transavia’s reservation system in September 2019. As a result of the investigation on the subject, communication with NXP’s IP addresses was revealed, and as a result of the in-depth investigation, it was revealed that NXP was hacked. The attack bears all the hallmarks of the Chimera hacking group, including the use of the ChimeRAR hacker tool.
To infiltrate NXP, hackers primarily used credentials obtained from previous data leaks on platforms such as LinkedIn or Facebook. They then used brute force attacks to crack the passwords. They also managed to bypass dual authentication measures by changing their phone numbers. Then the hackers checked for new data to be stolen every few weeks. They then extracted the data using encrypted files uploaded to cloud services such as OneDrive, Dropbox and Google Drive.
NXP is an important company in the global semiconductor market. It became an important player, especially by purchasing the American Freescale in 2015. The company, which developed NFC technology together with Sony, develops chips such as payment, electronic passport and RFID.
The company says it suffered no material damage
Although NXP confirmed that the information was stolen, it states that the breach did not cause material damage and that the stolen data was too complex to be easily used to copy the designs. That’s why they say they didn’t disclose the incident to the public.
Following the incident, NXP stated that it had taken measures to increase the security of its network. The company, which developed its monitoring systems, took stricter measures regarding internal data access and transfer.
Although we do not know the exact behind-the-scenes of the incident, we know that many incidents like this have occurred before in semiconductor companies. These are events that were reflected in the public, who knows what thefts took place that were not revealed?
22426
