NXP, Europe’s largest semiconductor manufacturer, fell victim to a sophisticated cyberattack by Chimera, a hacker group with ties to China. According to Tom’s Hardware, the breach, which lasted from late 2017 to early 2020, was only discovered following a related attack on the Dutch airline Transavia.
For over two years, Chimera hackers accessed NXP’s network undetected. Their presence came to light only after an investigation into a cyberattack on Transavia’s reservation systems in September 2019, which revealed communications with NXP IP addresses. The breach is characterized by the use of Chimera’s signature hacking tool, ChimeRAR.
The hackers initially exploited credentials from previous data leaks on platforms like LinkedIn or Facebook. They then launched brute-force attacks to guess passwords and ingeniously bypassed two-factor authentication by altering phone numbers. Demonstrating patience, they periodically checked for new data to steal, discreetly exfiltrating it in encrypted files uploaded to cloud storage services such as Microsoft’s OneDrive, Dropbox, and Google Drive.
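For defenders, the account-takeover sequence described above (a burst of password guesses, a successful login, then a changed two-factor phone number) can be correlated from authentication logs. The following is an added example, not code from the article or from NXP's investigation; the event schema, event names, thresholds and log entries are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Assumed thresholds; tune to the environment.
FAIL_THRESHOLD = 5                     # failures that count as a guessing burst
BURST_WINDOW = timedelta(minutes=10)   # failures must precede the success within this
CHANGE_WINDOW = timedelta(hours=24)    # phone change must follow the success within this

def _burst(day, user, ip):
    """Six constructed login failures, ten seconds apart."""
    return [(f"{day}T02:00:{s:02d}", user, "login_failure", ip) for s in range(0, 60, 10)]

# Constructed sample events (hypothetical schema): (time, user, event, source IP).
EVENTS = (
    _burst("2019-03-01", "alice", "203.0.113.7")
    + [("2019-03-01T02:01:30", "alice", "login_success", "203.0.113.7"),
       ("2019-03-01T02:20:00", "alice", "mfa_phone_changed", "203.0.113.7"),
       # bob: one typo, then a legitimate phone update -> no alert
       ("2019-03-01T09:00:00", "bob", "login_failure", "198.51.100.4"),
       ("2019-03-01T09:00:20", "bob", "login_success", "198.51.100.4"),
       ("2019-03-01T09:05:00", "bob", "mfa_phone_changed", "198.51.100.4")]
    # carol: guessing burst and success, but no phone change -> no alert here
    + _burst("2019-03-02", "carol", "203.0.113.9")
    + [("2019-03-02T02:01:10", "carol", "login_success", "203.0.113.9")]
)

def find_takeover_chains(events):
    """Alert on: failure burst -> success from the same IP -> MFA phone change."""
    alerts, failures, suspect = [], {}, {}
    for ts, user, kind, ip in sorted(events):   # ISO timestamps sort chronologically
        t = datetime.fromisoformat(ts)
        if kind == "login_failure":
            failures.setdefault((user, ip), []).append(t)
        elif kind == "login_success":
            recent = [f for f in failures.pop((user, ip), []) if t - f <= BURST_WINDOW]
            if len(recent) >= FAIL_THRESHOLD:
                suspect[user] = (t, ip)         # success right after a guessing burst
        elif kind == "mfa_phone_changed" and user in suspect:
            t0, src = suspect.pop(user)
            if t - t0 <= CHANGE_WINDOW:
                alerts.append({"user": user, "source_ip": src,
                               "login": t0.isoformat(), "phone_changed": t.isoformat()})
    return alerts

if __name__ == "__main__":
    for alert in find_takeover_chains(EVENTS):
        print(alert)
```
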
NXP’s role in the global market
NXP, a pivotal player in the global semiconductor industry, gained significant influence after acquiring the American company Freescale in 2015. The company has earned renown for developing secure Mifare chips for the Netherlands’ public transportation and secure elements for Apple’s iPhone, especially for Apple Pay.
Despite acknowledging the intellectual property theft, NXP minimized the breach’s impact, claiming the stolen data’s complexity hinders design replication. Consequently, the company did not feel compelled to inform the public. Following the breach, NXP strengthened its network security, upgrading monitoring systems and tightening internal data access and transfer controls.
This incident highlights semiconductor industry IP security risks and possible undisclosed breaches in other firms. The theft’s scope and long-term impact are unclear, underscoring the need for stronger industry-wide cybersecurity.