Dutch chipmaker Nexperia, a subsidiary of Chinese company Wingtech Technology, has officially confirmed a significant breach of its network. A ransomware gang known as Dark Angels claimed responsibility for the breach and leaked samples of what it claims to be stolen data from Nexperia on their website called Dunghill Leak.
Immediate Actions Taken by Nexperia
Following the breach, which occurred in March 2024, Nexperia took swift action to mitigate the impact. According to a statement released by the company. “Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024,” the statement read.
“We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation.” The company also engaged external cybersecurity experts to help assess and fortify their security posture, aiming to prevent future incidents.
“We also launched an investigation with the support of third-party experts to determine the nature and scope of the incident and took strong measures to terminate the unauthorized access,” Nexperia stated.
Details of the Data Leaked
On April 10, the ransomware group escalated their threats by posting samples of the stolen data on their website, which included:
- Microscope scans of electronic components
- Passports and personal IDs of employees
- Confidential non-disclosure agreements
The total data at risk includes approximately 1 terabyte, segmented as follows:
- 371 GB of product designs and proprietary company data
- 246 GB of engineering research and internal reports
- 96 GB of marketing strategies and commercial analyses
- 41.5 GB of personal employee information
- 109 GB of client data involving major corporations like SpaceX and Apple
- 121.1 GB of assorted files including emails and administrative documents
Nexperia added to the Dunghill Leak site (Source: BleepingComputer)
These figures are particularly alarming as they represent a comprehensive breach impacting nearly all facets of Nexperia’s operations.
Dunghill Leak’s Connection to Dark Angels
Dark Angels leverage the Dunghill Leak to exert pressure on their victims to meet ransom demands. Notably, in September 2023, Dark Angels had compromised Johnson Controls, a major player in building automation.
During this breach, they encrypted data on the company’s VMWare and ESXi servers. Despite threats to release the stolen data on the Dunghill Leak website if their ransom demands were not met, these disclosures were not made public.
As of now, the Dunghill Leak site lists twelve victims. The data related to eight of these entities has been released in full or in part. Two additional cases are noted as having their data ‘sold on the dark web.’
Final Word
As companies continue to grapple with the advancements in ransomware and cyber-attacks, the incident at Nexperia underscores the need for continuous improvement in digital security measures.