Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group Claims

Written by

Global chipmaker giant Nexperia has revealed it suffered a cyber-attack amid reports that ransomware hackers stole sensitive documents and intellectual property from the company.

The Chinese-owned firm, headquartered in the Netherlands, confirmed in a statement on April 12 that “an unauthorized third party” accessed certain IT servers in March 2024.

“We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation,” the statement read.

Nexperia said that it is currently working with external specialists to determine the nature and scope of the incident, and has informed relevant authorities in the Netherlands, including law enforcement.

“In the interest of the ongoing investigation, we cannot disclose further details at this point,” the firm added.

Hackers Claim to Hold Sensitive Trade and Customer Data

The attack has been claimed by the Dunghill group, a ransomware gang that began operating from early 2023, according to WatchGuard. It is believed to be responsible for high-profile breaches such as Johnson Controls last year.

Dunghill claimed on its data leak site to have stolen 1TB of data from Nexperia. This includes trade secrets, such as chip designs, personal data of employees, and customer information from well-known brands like SpaceX, Apple and Huawei.

The group also provided a small sample of the alleged data breach in a proof pack in its dark web post. Dutch broadcaster RTL has verified these documents and stated that they include internal emails and the passport of a former senior vice president of the company.

Dunghill is threatening to publish the rest of the data if its ransom demand is not met.

Chip Manufacturing a Growing Security Concern

Nexperia develops and produces semiconductors for electronic devices used across a range of sectors, including automative, industrial and mobile and consumer applications.

It has over 15,000 employees across Europe, Asia and the US, and had a global annual revenue of $2.36bn in 2022.

The cybersecurity of semiconductors has become a significant national security issue due to their fundamental role in critical technologies, including military systems.

In May 2023, the UK Government published a paper warning that hostile states are attempting to steal information on the design of semiconductor technologies and exploit vulnerabilities in chips to launch damaging cyber-attacks on critical industries.

The US has banned American firms from investing in Chinese companies with alleged links to defense or surveillance technology sectors, including chip manufacturers.

In May 2023, China banned products sold by US chipmaker giant Micron due to cybersecurity concerns.

What’s hot on Infosecurity Magazine?