Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security China

Hackers Spent 2+ Years Looting Secrets of Chipmaker NXP Before Being Detected (arstechnica.com) 19

An anonymous reader quotes a report from Ars Technica: A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported. The intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020, according to Netherlands national news outlet NRC Handelsblad, which cited "several sources" familiar with the incident. During that time, the threat actors periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property. The breach wasn't uncovered until Chimera intruders were detected in a separate company network that connected to compromised NXP systems on several occasions. Details of the breach remained a closely guarded secret until now.

NRC cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in "early Q4 2017." Some of the intrusions lasted as long as three years before coming to light. NRC said the unidentified victim was NXP. "Once nested on a first computer -- patient zero -- the spies gradually expand their access rights, erase their tracks in between and secretly sneak to the protected parts of the network," NRC reporters wrote in an English translation. "They try to secrete the sensitive data they find there in encrypted archive files via cloud storage services such as Microsoft OneDrive. According to the log files that Fox-IT finds, the hackers come every few weeks to see whether interesting new data can be found at NXP and whether more user accounts and parts of the network can be hacked."

NXP did not alert customers or shareholders to the intrusion, other than a brief reference in a 2019 annual report. It read: "We have, from time to time, experienced cyber-attacks attempting to obtain access to our computer systems and networks. Such incidents, whether or not successful, could result in the misappropriation of our proprietary information and technology, the compromise of personal and confidential information of our employees, customers, or suppliers, or interrupt our business. For instance, in January 2020, we became aware of a compromise of certain of our systems. We are taking steps to identify the malicious activity and are implementing remedial measures to increase the security of our systems and networks to respond to evolving threats and new information. As of the date of this filing, we do not believe that this IT system compromise has resulted in a material adverse effect on our business or any material damage to us. However, the investigation is ongoing, and we are continuing to evaluate the amount and type of data compromised. There can be no assurance that this or any other breach or incident will not have a material impact on our operations and financial results in the future."

This discussion has been archived. No new comments can be posted.

Hackers Spent 2+ Years Looting Secrets of Chipmaker NXP Before Being Detected

Comments Filter:
  • by JeffOwl ( 2858633 ) on Tuesday November 28, 2023 @07:14PM (#64039715)

    "At NXP, we believe that security is essential now more than ever. We have a strong history of providing solutions to ecosystems that require heightened security and privacy, from the edge to the cloud. Our deep engineering expertise, proven processes and understanding of emerging trends are just a few reasons why we deliver trusted solutions to meet your security needs."

    On their website, we should, or should not, take them seriously?

  • by bill_mcgonigle ( 4333 ) * on Tuesday November 28, 2023 @09:34PM (#64039911) Homepage Journal

    > Such incidents, whether or not successful, could result in the misappropriation of our proprietary information

    This is so obviously untrue that somebody was trying to get a message out.

    I guess it was about the multi-year cover-up? Too bad nobody noticed the "Help, I'm being held prisoner in the fortune cookie factory!" claim contemporaneously.

    Do these guys IIRC make an FPGA? If yeah double-check the compiler output.

  • Not just 'ties' (Score:4, Insightful)

    by Baron_Yam ( 643147 ) on Tuesday November 28, 2023 @10:09PM (#64039945)

    If a Chinese hacking group is exfiltrating IP from another country and China isn't cracking down on the people benefiting from it or showing any real signs of hunting down the hackers... it's a CCP operation.

    There's no reason to give benefit of the doubt, and in fact it belies common sense to even consider doing so.

    Show me the executives going to jail for accepting the data. Show me the companies shut down for producing the products made with it. Until then, it's merely an unacknowledged government program.

  • by pepsikid ( 2226416 ) on Tuesday November 28, 2023 @11:31PM (#64040069)

    Interesting... at the beginning of 2020, I was hired to refresh the PCs at the Austin TX NXP facility. This place was the size of a small city and it was only 10% full or less. They put the refresh on hold for unknown reasons (didn't want to wipe any hacker evidence?) and made me join the deskside support team.

    The place was mostly populated by busy-looking people from India who treated every other ethnicity as a lower caste. One of the deskside guys had sat in a meeting where they were talking about how nobody who wasn't Indian would ever get a raise or promotion there (they mistook him for Indian). After 6 weeks of still not getting a badge (I had to wait at the entrance for someone to come bring me in as a guest EVERY morning) or login accounts, I noped out of there. Very toxic and disfunctional environment.

    Interestingly, a few months later I went to a job interview and the lady there thought I was someone else and pulled out a copy of one of these deskside guy's resumes when she sat down with me. That particular dude was an ahole and i'm lucky I didn't run into him as I left the building; he was probably also interviewing there that day.

  • Yeah...because they'll steal from anybody.

    • Erh... no, by definition it is.

      Care to show me anything tech that's not "Made in China"? Of course their tech is as good as everyone's, everyone's tech IS theirs.

  • In the 1800s it was the US stealing British technologies. The most famous being Francis Cabot Lowell stealing the loom.
    Once a country gets advanced enough it actually has some IP to hide, it begins respecting IP law.

  • I'm wondering if they let the hackers 'steal' deliberate misinformation. They could really do themselves a favor with supplying the hackers with 'secret' that are completely bogus and result in buggy/faulty chips. It was reported that the formula for the faulty capacitors [wikipedia.org] was "mis-copied", absolving the hacked company of any responsibility.

FORTUNE'S FUN FACTS TO KNOW AND TELL: A black panther is really a leopard that has a solid black coat rather then a spotted one.

Working...