Chinese-linked hackers breach NXP, Europe’s largest chipmaker

The largest semiconductor manufacturer in Europe, NXP, has been hit by a sophisticated cyberattack by a hacker group known as Chimera, which has ties to China. The breach, which occurred from late 2017 to early 2020, was discovered following an attack on the Dutch airline Transavia.

The Chimera hackers had unauthorized access to NXP’s network for more than two years without being detected. Their presence was only revealed after an investigation into a cyberattack on Transavia’s reservation systems in September 2019, which showed communications with NXP IP addresses. The breach involved the use of Chimera’s signature hacking tool, ChimeRAR.

The hackers initially used credentials exposed in previous data leaks from platforms like LinkedIn or Facebook. They then employed brute-force attacks to crack passwords and bypassed two-factor authentication by altering phone numbers. They regularly checked for new data to steal and discreetly exfiltrated it as encrypted files uploaded to cloud storage services like Microsoft’s OneDrive, Dropbox, and Google Drive.

NXP’s role in the global market

NXP, a key player in the global semiconductor industry, gained considerable influence after acquiring the American company Freescale in 2015. The company is known for developing secure Mifare chips for the public transportation system in the Netherlands and secure elements for Apple’s iPhone, particularly for Apple Pay.

While NXP acknowledged the theft of intellectual property, it downplayed the impact of the breach, stating that the complexity of the stolen data would hinder replication. As a result, the company did not see the need to inform the public. After the breach, NXP enhanced its network security by upgrading monitoring systems and tightening internal data access and transfer controls.

This incident highlights the security risks for intellectual property in the semiconductor industry and the possibility of undisclosed breaches in other companies. The full extent and long-term impact of the theft remain unclear, emphasizing the need for stronger industry-wide cybersecurity.
