Leading chip maker Nexperia suffered a ransomware attack last month in which threat actors got away with a terabyte of sensitive corporate data.
“Nexperia became aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024,” the company said in a statement shared with beepcomputer. “We acted quickly and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation.”
The company subsequently hired outside security experts to determine the nature and scope of the incident and took “robust action” to put an end to unauthorized access.
dark Angels
Meanwhile, a threat actor calling himself Dunghill Leak claimed responsibility for the attack, claiming they were in possession of a terabyte of sensitive data. To prove his claims, the group shared a sample, which included microscopic scans of electronic components, employee passports, confidentiality agreements and other information.
The group is now demanding an unknown ransom payment and if Nexperia refuses, they will allegedly leak:
371GB of design and product data, including quality controls, confidentiality agreements, trade secrets, technical specifications, confidential drawings and production instructions.
246GB of engineering data, including internal studies and manufacturing technologies.
96GB of commercial and marketing data, including pricing and marketing analysis.
41.5GB of corporate data, including human resources, employee personal data, passports, NDAs, etc.
109GB of customer and user data, including brands such as SpaceX, IBM, Apple and Huawei.
121.1GB of various files and miscellaneous data, including email storage files.
Nexperia is a subsidiary of Wingtech Technology, a major Chinese chipmaker that operates plants in Germany and the United Kingdom. It was said to build transistors, diodes, MOSFETs and logic dividers. Its annual revenue exceeds $2 billion.
In its article, BleepingComputer claims that the Dunghill Leak site is linked to the Dark Angels ransomware group.