Chinese Hacker Group Chimera Invaded Dutch Chipmaker NXP for Nearly Three Years

In the murky world of cyber espionage, where nation-states and sophisticated hacking groups vie for secrets and intellectual property, the Dutch chipmaker NXP found itself at the center of a clandestine operation. For nearly three years, a Chinese hacker group known as “Chimera” burrowed deep into NXP’s systems, stealing valuable intellectual property and leaving behind a trail of erased tracks and encrypted data.

The meticulous intrusion, which remained undetected until early 2020, highlights the growing sophistication of cyber espionage and the vulnerabilities that exist even in the most secure environments. It also serves as a stark reminder of the potential impact of such attacks on critical industries like chip manufacturing.

The Chimera hacker group’s infiltration of NXP began in late 2017 when they gained access to the company’s network using compromised employee accounts. These accounts were likely obtained through previous data breaches from other services like LinkedIn or Facebook. To bypass NXP’s two-factor authentication, which required an additional code provided over the phone, the hackers cleverly modified the telephone numbers associated with the accounts.

Once inside the initial system, the Chimera group methodically expanded their reach, erasing their tracks and infiltrating deeper into NXP’s protected networks. They targeted sensitive data, encrypting it and uploading it to cloud storage services like Microsoft OneDrive. Their persistence and stealth allowed them to remain undetected for nearly three years, regularly checking the NXP systems for new information.

The discovery of Chimera’s infiltration came about indirectly, through a cyberattack on another Dutch company, Transavial, a subsidiary of KLM. In September 2019, Transavial detected attempted unauthorized access to its reservation systems. The company immediately notified the Dutch Data Protection Authority (AP) and engaged cybersecurity experts from Fox-IT to investigate.

During their investigation, Fox-IT researchers noticed suspicious connections to IP addresses in Eindhoven, where NXP’s headquarters are located. This revelation prompted Transavial to alert NXP in January 2020, leading to the chipmaker’s engagement of Fox-IT to investigate its own systems.

While NXP’s financial reports indicate that the Chimera group’s actions did not cause material financial damage, the theft of intellectual property remains a significant concern. The stolen data likely included valuable chip designs, potentially giving Chimera and its associates a competitive advantage in the global chip market.

The NXP breach also highlights the interconnectedness of the tech industry and the potential for supply chain disruptions caused by cyberattacks. As chipmakers play a crucial role in the production of various electronic devices, cyberattacks on these companies can have far-reaching consequences.

The Chimera group’s infiltration of NXP serves as a stark reminder of the evolving nature of cyber threats and the need for vigilance in protecting sensitive data. Companies must continuously strengthen their cybersecurity measures, employ advanced security protocols, educate employees about cybersecurity risks, and promptly address any detected vulnerabilities.

The NXP breach also underscores the importance of collaboration and information sharing among companies and cybersecurity experts. Timely communication and sharing of threat intelligence can help identify and mitigate cyberattacks before they cause significant damage.

Via: nltimes