Introduction:
In a shocking revelation, it has come to light that the Chinese hackers steal NXP chip designs for past 2 years in a sophisticated manner.
The breach, which occurred between late 2017 and the beginning of 2020, went undetected for over two years, allowing the hackers unfettered access to NXP’s network and resulting in the theft of crucial intellectual property, including chip designs.
Join Our WhatsApp News for real time information on semiconductors & AI
Chinese hackers steal NXP chip designs: The Extent of the Breach
An investigation by NRC has uncovered that a Chinese hacker group had undetected access to the computer network of NXP, one of the major Dutch chip manufacturers, for a period exceeding two years.
The cyber intrusion, detailed in the report, went unnoticed for an extended duration and resulted in the theft of intellectual property, particularly focusing on chip designs. Despite NXP’s established reputation for security, the compromise of its systems was only discovered in early 2020.
Notably, seven Taiwanese chip companies and the KLM subsidiary, Transavia, were also impacted by this cyber attack.
The incident highlights the susceptibility of even highly advanced technology companies to cyber espionage, as emphasized by Marc Hijink in his article. NXP, a prominent provider of chips for the automotive industry, acknowledges falling victim to targeted espionage attacks.
The primary objective of the perpetrators was to pilfer chip designs and access mailboxes containing substantial volumes of sensitive information. The stolen intellectual property holds significant value for both competitors and entities aiming to exert influence or control over the technology sector.
Chinese hackers steal NXP chip designs: Discovery of the Breach
The breach at NXP was only brought to light when a similar attack occurred on Transavia, a Dutch airline subsidiary of KLM. In September 2019, hackers targeted Transavia’s reservation systems.
During the subsequent investigation, connections to NXP IPs were discovered, leading to the revelation of the extensive hack. The attackers employed their trademark ChimeRAR hacker tool, showcasing the distinct fingerprints of the Chimera group.
How did the Hacking Happen: Social Media
The hackers utilized pilfered account details obtained from previous data breaches on platforms such as LinkedIn or Facebook. Armed with this information, they successfully posed as regular employees, gaining unauthorized access to NXP’s network.
Subsequently, the hackers systematically engaged in the theft, compression, and encryption of substantial volumes of data. The ill-gotten data was then readied for duplication through cloud services like Google Drive, Microsoft OneDrive, and Dropbox.
The orchestrated approach adopted by the hackers suggests a sophisticated and well-coordinated attack, characteristic of an Advanced Persistent Threat (APT) group.
Such tactics align with the strategic objectives of a nation-state actor, and in this case, the Dutch intelligence agency AIVD’s findings link the cyber espionage to China.
Read More: China in a Rush to Stockpile Semiconductor Manufacturing Equipments
Data Exfiltration:
The attackers displayed a high level of sophistication in exfiltrating the stolen data. Encrypted files were uploaded to popular online cloud storage services, including Microsoft’s OneDrive, Dropbox, and Google Drive. This method allowed them to stealthily transfer sensitive information without raising suspicion.
Chinese hackers steal NXP chip designs: NXP’s Response
While NXP asserted in its annual reports for 2020 and 2021 that the cyber attack did not lead to “material” damage, the significance of intellectual property theft should not be underestimated. The incident served as a catalyst for NXP to elevate its awareness and response to cyber espionage risks.
Subsequently, the company experienced another data breach in September 2023, which was promptly identified and mitigated within three days. This swift response indicates that NXP had bolstered its security protocols in the aftermath of the Chimera attack.
Read More: Applied Materials Faces Criminal Investigation over Shipments to China’s SMIC
Security Measures and Future Preparedness:
Following the discovery of the breach, NXP reportedly implemented robust measures to enhance its network security. These measures include an upgrade to monitoring systems and the imposition of stricter controls on data accessibility and transfer within the company.
The objective is to fortify defenses against similar incidents in the future. This will safeguard intellectual assets, and maintain the integrity of NXP’s network.
Unanswered Questions and Industry Implications:
Taiwan, a significant player in the global chip market, also fell prey to the same hacker group that targeted NXP. At least seven Taiwanese chip companies were among the victims, underscoring the global reach of the cyber espionage threat.
This pattern of focused attacks on high-tech industries and critical infrastructure demonstrates that the risk extends beyond national borders.
The NXP incident, coupled with subsequent revelations, has underscored the imperative for companies to fortify their cybersecurity measures.
Read More: What are 8 Patents China’s YMTC Sues Micron for Infringing on?
Conclusion:
NXP semiconductor hack by the Chimera group serves as a stark reminder of the ever-present threat of cyber-attacks on critical industries. As technology advances, so do the capabilities of malicious actors, emphasizing the need for continuous improvement in cybersecurity measures.