Dutch chip manufacturer Nexperia has been hacked. The cybercriminals who carried out the attack say they will publish highly sensitive data if the company refuses to pay.
Dutch news agency RTL Nieuws discovered that the incident had taken place. Speaking to this publication, Nexperia does not want to disclose any details as it’s still investigating the incident. According to the criminals, the leak involves hundreds of gigabytes of sensitive material.
The group in question is known as “Dunghill” and is fairly new. This criminal enterprise presents itself as a collection of researchers who demand a sum of money in return for their (unsolicited and illegal) infiltration efforts.
As it happens, the data leak has already begun: dozens of confidential documents have been published on the darkweb. According to RTL News, the information is authentic.
Also read: An exploit could lead to remote shutdown of security systems: who is responsible?
Other parties affected
Nexperia plays an important role as a chipmaker for various parties. This means that a major data breach would be bad news for both the company itself and many of its partners. Knowledge about the manufacturing process, trade secrets, and customer data from the likes of SpaceX, Apple, and Huawei are compromised. It’s possible that the leaked information speeds up the discovery of critical flaws in Nexperia’s chips, leading to further compromises.
The chips Nexperia produces are usually relatively straightforward. However, they are incredibly prevalent in household settings as well as critical infrastructure. The manufacturing process is considered the distinctive aspect of the former NXP unit, now owned by China’s Wingtech Technologies. RTL News rightly describes the information as the company’s “digital crown jewels.”
Action taken
Nexperia would not discuss details of the incident but did disclose that it has reported its findings to the police and the Dutch Personal Data Authority. “We took immediate action and disconnected the affected systems. Together with our external cybersecurity expert Fox-IT, Nexperia continues to investigate the full scope and impact of the case.”
In several ways, the Dunghill attack is reminiscent of that of 8Base, for example. That group also presents itself as legitimate testers of corporate security, albeit again uninvited.
In addition, it’s become clear once more that an impending data breach is enough of a headache for many parties. Nexperia’s competitive position risks being undermined if the descriptions of secret innovations end up being publicly available in relatively plain language. Leaks of other sensitive information can also strain customer relationships.
Cybercriminals have started adopting more attack methods without encryption in recent times. Data theft is more easily accomplished than said theft accompanied by a ransomware encryption. It can lead criminals to explore different styles of attacks. For example, the ransomware gang ALPHV/BlackCat threatened legal action against a victim for failing to disclose a data breach in a timely manner.
Read more: Ransomware gang takes legal action against its victim