Chipmaker Nexperia confirms breach after ransomware gang leaks data

Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data.

Nexperia is a subsidiary of Chinese company Wingtech Technology that operates semiconductor fabrication plants in Germany and the UK, producing 100 billion units, including transistors, diodes, MOSFETs, and logic devices. The Nijmegen-based company employs 15,000 specialists and has an annual revenue of over $2.1 billion.

In a press statement on Friday, the company disclosed a data breach that forced it to shut down IT systems and launch an investigation to determine the scope of impact.

"Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024," reads the statement.

"We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation."

"We also launched an investigation with the support of third-party experts to determine the nature and scope of the incident and took strong measures to terminate the unauthorized access."

Nexperia says it reported the incident to the police and data protection authorities in the Netherlands and contracted FoxIT to help with the investigations.

Dunghill Leak claimed the attack

On April 10, the extortion site 'Dunghill Leak' announced it had breached Nexperia, claiming to have stolen 1 TB of confidential data and leaked a sample of the allegedly stolen files.

The threat actors published images of microscope scans of electronic components, employee passports, non-disclosure agreements, and various other samples whose authenticity hasn't been confirmed by the chipmaker yet.

Dunghill claims that they plan to leak the following data if a ransom demand is not paid:

371 GB of design and product data, including QC, NDAs, trade secrets, technical specifications, confidential schematics, and production instructions. 246 GB of engineering data, including internal studies and manufacturing technologies. 96 GB of commercial and marketing data, including pricing and marketing analysis. 41.5 GB of corporate data, including HR, employee personal details, passports, NDAs, etc. 109 GB of client and user data, including brands such as SpaceX, IBM, Apple, and Huawei. 121.1 GB of various files and miscellaneous data, including email storage files.

BleepingComputer has contacted Nexperia to ask about Dunghill's allegations but a comment wasn't immediately available.

The Dunghill Leak site is linked to the Dark Angels ransomware gang, which uses the data leak site to pressure attacked organizations into paying a ransom.

In September 2023, BleepingComputer first reported that Dark Angels breached building automation giant Johnson Controls and encrypted the company's VMWare and ESXi virtual machines.

The threat actors warned in a ransom note that if an extortion payment was not paid, the threat actors would publish the stolen data on the Dunghill Leak website, which never occurred.

Currently, the Dunghill Leak extortion site lists twelve victims, with data for eight either fully or partially released, while two are marked as 'sold on the dark web.'