Nexperia logo of image of chip fabrication

Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data.

Nexperia is a subsidiary of Chinese company Wingtech Technology that operates semiconductor fabrication plants in Germany and the UK, producing 100 billion units, including transistors, diodes, MOSFETs, and logic devices. The Nijmegen-based company employs 15,000 specialists and has an annual revenue of over $2.1 billion.

In a press statement on Friday, the company disclosed a data breach that forced it to shut down IT systems and launch an investigation to determine the scope of impact.

"Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024," reads the statement.

"We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation."

"We also launched an investigation with the support of third-party experts to determine the nature and scope of the incident and took strong measures to terminate the unauthorized access."

Nexperia says it reported the incident to the police and data protection authorities in the Netherlands and contracted FoxIT to help with the investigations.

Dunghill Leak claimed the attack

On April 10, the extortion site 'Dunghill Leak' announced it had breached Nexperia, claiming to have stolen 1 TB of confidential data and leaked a sample of the allegedly stolen files.

The threat actors published images of microscope scans of electronic components, employee passports, non-disclosure agreements, and various other samples whose authenticity hasn't been confirmed by the chipmaker yet.

Nexperia added to the Dunghill Leak extortion site
Nexperia added to the Dunghill Leak extortion site
Source: BleepingComputer

Dunghill claims that they plan to leak the following data if a ransom demand is not paid:

  • 371 GB of design and product data, including QC, NDAs, trade secrets, technical specifications, confidential schematics, and production instructions.
  • 246 GB of engineering data, including internal studies and manufacturing technologies.
  • 96 GB of commercial and marketing data, including pricing and marketing analysis.
  • 41.5 GB of corporate data, including HR, employee personal details, passports, NDAs, etc.
  • 109 GB of client and user data, including brands such as SpaceX, IBM, Apple, and Huawei.
  • 121.1 GB of various files and miscellaneous data, including email storage files.

BleepingComputer has contacted Nexperia to ask about Dunghill's allegations but a comment wasn't immediately available.

The Dunghill Leak site is linked to the Dark Angels ransomware gang, which uses the data leak site to pressure attacked organizations into paying a ransom.

In September 2023, BleepingComputer first reported that Dark Angels breached building automation giant Johnson Controls and encrypted the company's VMWare and ESXi virtual machines.

The threat actors warned in a ransom note that if an extortion payment was not paid, the threat actors would publish the stolen data on the Dunghill Leak website, which never occurred.

Currently, the Dunghill Leak extortion site lists twelve victims, with data for eight either fully or partially released, while two are marked as 'sold on the dark web.'

Related Articles:

INC Ransom threatens to leak 3TB of NHS Scotland stolen data

Nissan confirms ransomware attack exposed data of 100,000 people

UnitedHealth confirms it paid ransomware gang to stop data leak

Ransomware payments drop to record low of 28% in Q1 2024

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data