Dutch semiconductor company NXP, Europe’s largest chipmaker, was infiltrated by Chinese state-sponsored hackers who lurked within its systems undetected for over two years. The extent of the data theft and compromise is still unclear.
This report comes a few months after the chipmaker confirmed a data breach involving customers’ information.
The Chimera hacking group, known to be associated with Chinese intelligence, breached NXP’s network in late 2017. They maintained access until early 2020 by using stolen account credentials and bypassing two-factor authentication. The hackers were patient, checking for valuable data every few weeks, and exfiltrated information slowly via encrypted cloud storage services such as Microsoft’s OneDrive, Dropbox, and Google Drive.
The attack was uncovered during an investigation into a similar breach of Dutch airline Transavia. Analysis of that event revealed communications from NXP’s IP addresses, prompting the chipmaker to scrutinize its own systems. This revealed the years-long compromise by Chimera operators using their custom hacking tool, ChimeRAR.
Impact and Implications
While NXP has stated that no material damage was done, the theft of trade secrets and intellectual property over more than 24 months raises alarms. As a major player in the semiconductor industry, NXP’s chip designs and manufacturing data are extremely valuable.
The company acquired Freescale, a leader in auto chips and microcontrollers, in 2015. NXP also produces secure elements and chips used by Apple, Microsoft, Samsung, and tap-to-pay credit cards. The sensitivity of much of NXP’s intellectual property heightens concerns regarding nation-state theft.
It is unknown precisely what or how much data was stolen by the persistent Chinese hackers. Two years of repeated intellectual property theft could provide China with invaluable information to replicate technologies and outpace rivals. The lack of transparency surrounding the breach leaves questions about potential damage unanswered.
Response and Mitigation Efforts
Since detecting the intrusion in early 2020, NXP has implemented stricter controls around data accessibility and transfer. Network monitoring systems have also been enhanced to detect similarly stealthy attacks earlier. Such security improvements are critical to guarding the company’s valuable IP and preventing future breaches.
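The exfiltration pattern described above (small, periodic uploads to sanctioned cloud-storage services over many months) is exactly what a per-request size threshold misses, and what the enhanced network monitoring mentioned here needs to catch. The following is an added example, not code from NXP or from the article, showing one way to do that over web-proxy logs. It assumes a simplified space-separated log format, a constructed sample log, and an illustrative list of cloud-storage hostnames; the thresholds are placeholders to be tuned against a real baseline.

```python
"""Low-and-slow cloud-storage upload detection over constructed proxy logs (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Hostnames of the consumer cloud-storage services named in the article.
# This list is an assumption for the example; a real deployment would use a maintained category feed.
CLOUD_STORAGE_DOMAINS = {
    "api.onedrive.com", "onedrive.live.com",
    "content.dropboxapi.com", "www.dropbox.com",
    "www.googleapis.com", "drive.google.com",
}
UPLOAD_METHODS = {"POST", "PUT"}

# Constructed sample proxy log, one request per line:
# "<iso-timestamp> <user> <src-ip> <method> <host> <bytes-sent-by-client>"
# jdoe pushes ~8 MB to Dropbox every five days; asmith has ordinary light usage.
SAMPLE_PROXY_LOG = """\
2019-03-01T02:14:09 jdoe 10.20.5.17 POST content.dropboxapi.com 8100000
2019-03-01T09:30:00 asmith 10.20.5.40 GET www.dropbox.com 120000
2019-03-06T01:58:41 jdoe 10.20.5.17 POST content.dropboxapi.com 7900000
2019-03-07T14:02:11 asmith 10.20.5.40 POST api.onedrive.com 950000
2019-03-11T02:05:27 jdoe 10.20.5.17 POST content.dropboxapi.com 8300000
2019-03-16T02:22:03 jdoe 10.20.5.17 POST content.dropboxapi.com 8000000
2019-03-21T01:49:55 jdoe 10.20.5.17 POST content.dropboxapi.com 8200000
2019-03-26T02:11:30 jdoe 10.20.5.17 POST content.dropboxapi.com 7800000
2019-03-31T02:03:18 jdoe 10.20.5.17 POST content.dropboxapi.com 8100000
"""


def parse_line(line):
    """Parse one log line into a dict; bytes_out is what the client sent (the upload size)."""
    ts, user, src_ip, method, host, bytes_out = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "src_ip": src_ip,
            "method": method, "host": host, "bytes_out": int(bytes_out)}


def load_log(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def is_cloud_upload(event):
    return event["method"] in UPLOAD_METHODS and event["host"] in CLOUD_STORAGE_DOMAINS


def per_request_alerts(events, max_bytes=20_000_000):
    """Naive control: alert only when a single upload to cloud storage is oversized."""
    return [e for e in events if is_cloud_upload(e) and e["bytes_out"] > max_bytes]


def slow_exfil_findings(events, window_days=30, min_total_bytes=50_000_000, min_active_days=3):
    """Aggregate uploads per (user, host) over a sliding window.

    A finding requires both a large cumulative volume and uploads on several
    distinct days, which is the signature of patient, drip-fed exfiltration
    rather than a one-off bulk transfer.
    """
    uploads = defaultdict(list)
    for e in events:
        if is_cloud_upload(e):
            uploads[(e["user"], e["host"])].append(e)

    findings = []
    for (user, host), evs in uploads.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            window_end = first["ts"] + timedelta(days=window_days)
            in_window = [e for e in evs[i:] if e["ts"] < window_end]
            total = sum(e["bytes_out"] for e in in_window)
            active_days = {e["ts"].date() for e in in_window}
            if total >= min_total_bytes and len(active_days) >= min_active_days:
                findings.append({
                    "user": user, "host": host,
                    "first_seen": first["ts"].isoformat(),
                    "last_seen": in_window[-1]["ts"].isoformat(),
                    "requests": len(in_window),
                    "active_days": len(active_days),
                    "total_bytes": total,
                })
                break  # one finding per (user, host) is enough to open a ticket
    return findings


if __name__ == "__main__":
    events = load_log(SAMPLE_PROXY_LOG)
    print("per-request alerts:", per_request_alerts(events))  # nothing: no single upload is large
    for f in slow_exfil_findings(events):
        print(f"{f['user']} -> {f['host']}: {f['total_bytes'] / 1e6:.1f} MB "
              f"over {f['active_days']} days in {f['requests']} requests "
              f"({f['first_seen']} .. {f['last_seen']})")
```

On the constructed log the per-request check returns nothing, while the 30-day aggregate flags jdoe’s seven ~8 MB uploads (56.4 MB over seven days) to Dropbox. The same aggregation applies to any egress channel; what makes it effective in practice is a baseline of which users and hosts normally upload to which services, so the thresholds can be set per population rather than globally.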
The years-long compromise of NXP’s network raises critical questions around the cyber resilience of tech manufacturers. Successful exfiltration of sensitive datasets can provide nation-state hackers with everything required to mimic proprietary technologies. As digital threats increase, chipmakers and other companies protecting valuable IP must continually assess and fortify their defenses.