Published in News

Chinese hackers looted NXP for two years

by on29 November 2023

Only discovered on another company’s systems

A hacking group with ties to the Chinese government has been harvesting data from Dutch chipmaker NXP for nearly two years.

According to Netherlands national news outlet NRC Handelsblad, the intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020.

During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach was uncovered when Chimera intruders were detected in a separate company network connected to compromised NXP systems. Details of the breach remained a closely guarded secret until now.

NRC cited a report published by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in "early Q4 2017."

Some of the intrusions lasted three years before coming to light. NRC said the unidentified victim was NXP.

Once nested on a first computer -- patient zero -- the spies gradually expand their access rights, erase their tracks in between, and secretly sneak to the protected parts of the network.

The hackers secreted the sensitive data in encrypted archive files via cloud storage services such as Microsoft OneDrive.

The hackers visited every few weeks to see whether interesting new data could be found at NXP and whether more user accounts and network parts could be hacked."

NXP did not alert customers or shareholders to the intrusion other than a brief reference in a 2019 annual report.

It read: "We have occasionally experienced cyber-attacks attempting to obtain access to our computer systems and networks. Such incidents, if successful, could result in the misappropriation of our proprietary information and technology, the compromise of personal and confidential information of our employees, customers, or suppliers, or interrupt our business. For instance, in January 2020, we became aware of a compromise of certain systems. We are taking steps to identify malicious activity and are implementing remedial measures to increase the security of our systems and networks to respond to evolving threats and new information. As of the date of this filing, we do not believe that this IT system compromise has resulted in a material adverse effect on our business or any material damage to us. However, the investigation is ongoing, and we continue to evaluate the amount and type of data compromised. There can be no assurance that this or any other breach or incident will not have a material impact on our operations and financial results in the future."


Last modified on 29 November 2023
Rate this item
(0 votes)

Read more about: