Date: 2023-12-14

A well-known hacking group in China, known as Chimera, infiltrated the infrastructure of the Dutch semiconductor manufacturer NXP, the largest in Europe, at the end of 2017. The company did not find out about it until early 2020, according to NRC, and it is not clear what kind of damage the group may have caused.

Hackers are known to have stolen intellectual property and new chip designs, but the full extent of the hack is currently a mystery. The security breach was open for almost two and a half years and was only discovered when a similar attack occurred on the airline Transavia, a subsidiary of KLM.

The Chimera hackers accessed Transavia's reservation systems in September 2019. During the investigation of that intrusion, communications with the IPs of NXP servers were detected, and these ended up revealing that the NXP hack had occurred long before.

The identification of Chimera as responsible for the attack was deduced through the methods used and especially from the use of its ChimeRAR tool. To infiltrate NXP, hackers used credentials from previous leaks and then obtained the passwords to those leaked accounts with brute force attacks.

They overcame two-step authentication using techniques such as SIM swapping, after which they gained apparently indiscriminate access to the NXP VPN. From there, as indicated in Ars Technica, they patiently stole data every few weeks, encrypting that data and then uploading it to services such as OneDrive, Dropbox or Google Drive.

The hack is especially worrying because NXP is a very important manufacturer that, among other things, is responsible for manufacturing the chips that secure mobile payments on iPhones.

NXP officials say the intrusion has not caused “material damage,” and that the stolen data is complex and cannot easily be used to replicate designs. For this reason, the company stated, it did not see the need to inform the general public, and we have only now found out about the hack. Despite this, the real scope of this hack and its impact are currently unknown.

