SoylentNews

Freeman [soylentnews.org] writes:

https://arstechnica.com/security/2023/11/hackers-spent-2-years-looting-secrets-of-chipmaker-nxp-before-being-detected/ [arstechnica.com]

A prolific espionage hacking group with ties to China spent over two years looting the corporate network of NXP, the Netherlands-based chipmaker whose silicon powers security-sensitive components found in smartphones, smartcards, and electric vehicles, a news outlet has reported.

The intrusion, by a group tracked under names including "Chimera" and "G0114," lasted from late 2017 to the beginning of 2020, according to [translate.goog] Netherlands national news outlet NRC Handelsblad, which cited “several sources” familiar with the incident.
[...]
NRC cited a report published (and later deleted) by security firm Fox-IT, titled Abusing Cloud Services to Fly Under the Radar [translate.goog]. It documented Chimera using cloud services from companies including Microsoft and Dropbox to receive data stolen from the networks of semiconductor makers, including one in Europe that was hit in “early Q4 2017.” Some of the intrusions lasted as long as three years before coming to light. NRC said the unidentified victim was NXP.
[...]
NXP did not alert customers or shareholders to the intrusion, other than a brief reference in a 2019 annual report.
[...]
Some security researchers said it was surprising that NXP officials didn’t inform customers of the two-year intrusion by threat actors, often abbreviated as TAs.

“NXP chips are in a lot of products,” Jake Williams, a former hacker for the National Security Agency, wrote [infosec.exchange] on Mastodon. “It's likely the TA knows of specific flaws reported to NXP that can be leveraged to exploit devices the chips are embedded in, and that's assuming they didn't implement backdoors themselves. Over 2.5 years (at least), that's not unrealistic.”

Original Submission