Chinese-affiliated hacker group Chimaera secured access to the network of the massive Dutch semiconductor company NXP for more than two years, from late 2017 to the start of 2020, NRC reported.During this time, the notorious hackers allegedly stole intellectual property, including chip designs; however, the full extent of the theft has yet to be revealed. NXP is Europe's largest chipmaker, and the scale and scope of the disclosed attack is alarming.
The report claims that the hackers lurked in the company's network for almost 2.5 years before the breach was discovered; the Dutch airline Transavia, a subsidiary of KLM, was the target of a similar attack. In September 2019, hackers gained access to Transavia's reservation systems. The NXP hack was discovered as a result of communications with NXP IPs found during an investigation into the Transavia hack. The attack uses the ChimeRAR hacker tool, which is one of the defining characteristics of the Chimaera hacking group.
To gain access to NXP, the hackers first used credentials extracted from previous data leaks on platforms such as LinkedIn or Facebook, and then used brute force attacks to guess passwords. They also got around double authentication by changing phone numbers. The attackers were patient, only checking for new data to steal every few weeks, and then snuck the data out by uploading encrypted files to online cloud storage services such as Microsoft's OneDrive, Dropbox, and Google Drive.
Being a significant player in the global semiconductor market, NXP gained even more clout in 2015 when it purchased the American company Freescale. NXP is well-known for creating secure Mifare chips for Dutch public transport in addition to secure components for the iPhone, specifically Apple Pay.
NXP claims that the breach did not cause material damage, despite acknowledging that its intellectual property had been stolen. The company cites the complexity of the stolen data as a barrier to easy design replication. According to the NRC, the company felt no need to notify the public as a result.
NXP apparently strengthened its network security after the breach. The business tightened its internal data accessibility and transfer policies and upgraded its monitoring systems. These preventative measures were meant to avert future incidents of the same kind, preserve the network's integrity, and protect the company's valuable intellectual property.