Chinese hackers steal chip designs from major Dutch semiconductor company — perps lurked for over two years to steal NXP's chipmaking IP: Report

Nvidia Hopper H100 die shot
(Image credit: Nvidia)

Chimera, a Chinese-linked hacker group, infiltrated the network of the Dutch semiconductor giant NXP and had access for over two years from late 2017 to the beginning of 2020, reports NRC. During this period, the notorious hackers reportedly stole intellectual property, including chip designs — however, the full extent of the theft is yet to be disclosed. NXP is the largest chipmaker in Europe, and the scale and extent of the reported attack is shocking. 

According to the report, the breach remained undetected for roughly two and a half years while the hackers lurked in the company's network — the breach was only discovered because a similar attack occurred on the Dutch airline Transavia, a subsidiary of KLM. Hackers accessed Transavia's reservation systems in September 2019. An investigation of the Transavia hack uncovered communications with NXP IPs, which led to the discovery of the NXP hack. The attack bears all of the hallmarks of the Chimera hacking group, including the use of its ChimeRAR hacker tool.

To break into NXP, the hackers initially used credentials from previous data leaks on platforms like LinkedIn or Facebook and then used brute force attacks to guess the passwords. They also bypassed double authentication measures by altering phone numbers. The hackers were patient, only checking for new data to steal every few weeks, and then snuck the data out using encrypted files uploaded to online cloud storage services, like Microsoft's OneDrive, Dropbox, and Google Drive.

NXP is a major player in the global semiconductor market and has been particularly influential after it acquired Freescale (an American company) in 2015. NXP is known for developing secure Mifare chips for public transportation in the Netherlands, but also for secure elements for the iPhone -- Apple's Pay, in particular.

However, even though it confirmed the theft of its intellectual property, NXP says that the breach did not result in material damage — saying that the data stolen is complex enough that it can't be easily used to replicate designs. As such, the company didn't see the need to inform the general public, reports NRC.

Following the breach, NXP reportedly took measures to boost its network security. The company enhanced its monitoring systems and imposed stricter controls on data accessibility and transfer within the company. These steps aim to safeguard against similar incidents in the future to avoid breaches, safeguard the company's valuable intellectual assets, and maintain the integrity of its network.

But who knows what has been stolen already? Additionally, it is anyone's guess how many other semiconductor companies have been hacked yet haven't disclosed those breaches to the public.

Anton Shilov
Contributing Writer

Anton Shilov is a contributing writer at Tom’s Hardware. Over the past couple of decades, he has covered everything from CPUs and GPUs to supercomputers and from modern process technologies and latest fab tools to high-tech industry trends.

  • you bet
    Thank you Mr. Shilov.
  • COLGeek
    No political discussions will be allowed. Please stay on topic. Thank you.
  • Pei-chen
    Unless company or individual with expertise actually put their name on press release I am going to treat any story of “China threat” as propaganda. That Bloomberg article about China rice-grained sized chip on all Supermicro motherboard a few years ago proved some people will go to extreme length to slander China
  • COLGeek
    We're done here folks. Closing now. Thank you to those who stayed on topic.