It went unnoticed for two and a half years
According to the report, hackers went undetected for two and a half years while navigating the company’s network. The attack was discovered after a similar attack occurred on Dutch airline Transavia, a subsidiary of KLM. Hackers accessed Transavia’s reservation system in September 2019. As a result of the investigation on the subject, communication with NXP’s IP addresses was revealed, and as a result of the in-depth investigation, it was revealed that NXP was hacked. The attack bears all the hallmarks of the Chimera hacking group, including the use of the ChimeRAR hacker tool.
To infiltrate NXP, hackers primarily used credentials obtained from previous data leaks on platforms such as LinkedIn or Facebook. They then used brute force attacks to crack the passwords. They also managed to bypass dual authentication measures by changing their phone numbers. Then the hackers checked for new data to be stolen every few weeks. They then extracted the data using encrypted files uploaded to cloud services such as OneDrive, Dropbox and Google Drive.
NXP is an important company in the global semiconductor market. It became an important player, especially by purchasing the American Freescale in 2015. The company, which developed NFC technology together with Sony, develops chips such as payment, electronic passport and RFID.
The company says it suffered no material damage
Although NXP confirmed that the information was stolen, it states that the breach did not cause material damage and that the stolen data was too complex to be easily used to copy the designs. That’s why they say they didn’t disclose the incident to the public.
Following the incident, NXP stated that it had taken measures to increase the security of its network. The company, which developed its monitoring systems, took stricter measures regarding internal data access and transfer.
Although we do not know the exact behind-the-scenes of the incident, we know that many incidents like this have occurred before in semiconductor companies. These are events that were reflected in the public, who knows what thefts took place that were not revealed?