Chinese hackers from Chimera stole data from Dutch chipmaker NXP

Chinese hackers from Chimera stole data from Dutch chipmaker NXP Semiconductors for more than two years.

Chinese hacker group Chimera penetrated the internal network of Dutch company NXP Semiconductors and stole the semiconductor giant’s intellectual property for more than two years, from late 2017 to early 2020, NRC reports. It is noted that hackers managed to steal NXP documents related to the development and design of microcircuits. The full extent of the crime is not yet known. NXP is the largest chip manufacturer in Europe.

    Image source: NXP Semiconductors

Image source: NXP Semiconductors

The vulnerability in NXP Semiconductors’ network remained undetected for approximately two and a half years. It was only discovered because a similar attack took place on the Dutch airline Transavia, a subsidiary of KLM. Hackers gained access to Transavia’s reservation systems in September 2019. An investigation into the Transavia hack found links to NXP IP addresses, which led to the discovery of the Transavia hack. It is reported that the hack all signs point to the Chimera hacker group, and when breaking into NXP’s internal network, the hackers also used the ChimeRAR tool developed by this group.

To hack NXP Semiconductors, the attackers first used credentials obtained from previous leaks of employees’ personal data on platforms such as LinkedIn and Facebook, and then simply guess passwords to access the semiconductor company’s internal network. Hackers managed to bypass double authentication security measures by changing the mobile phone numbers associated with the system login. The attackers behaved very quietly and inconspicuously, stealing new documents from the NXP database every few weeks. The information obtained was encrypted and then published on online cloud storage services such as Microsoft OneDrive, Dropbox and Google Drive.

NXP Semiconductors is a very large player in the global semiconductor market. The chipmaker expanded its market share and influence after acquiring US chipmaker Freescale in 2015. NXP is known for developing Mifare security chips for Dutch public transport as well as iPhone-related security chips. In particular, NXP participated in the development of hardware components for the Apple Pay payment system.

Although NXP confirms the theft of its intellectual property, the breach did not result in any property damage because the stolen data is complex and cannot be easily used to copy designs. The company therefore saw no need to inform its shareholders or the public about the incident.

NXP reportedly took steps to improve security following the hack. The company has improved its monitoring systems and introduced stricter controls over the availability and transmission of data within its network. The steps are aimed at protecting itself from similar incidents in the future, securing valuable intellectual assets and maintaining the integrity of its network.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment