Another troubling story, and it makes you wonder if security tools are really good enough. Apparently this Chimera infostealer was able to bypass AVs/EDR by using direct syscalls. Also described in link 2. https://arstechnica.com/security/20...crets-of-chipmaker-nxp-before-being-detected/ https://arstechnica.com/information...ion-generates-billions-but-is-easy-to-bypass/
@Rasheed187, the original long article was from the Dutch newspaper NRC (in Dutch): https://www.nrc.nl/nieuws/2023/11/2...van-de-nederlandse-chipfabrikant-nxp-a4182149 There was a blog post from Fox-IT about it: "Abusing cloud services to fly under the radar". The NRC wrote (in Dutch): "Since this week, after NRC presented the story to NXP for a response, the blog post has been offline. It can still be found via web archives." So, that blog post was taken offline after NRC contacted NXP about it. However, NRC wrote that the blog post can still be found in web archives, and NRC gives a link.
Yes, I know, I read about it in NRC. Strange that Fox-IT's blog post was removed. But from what I understood, the attack on NXP relied heavily on Cobalt Strike; most security tools should be able to tackle this. Too bad that they don't disclose which security tools NXP was using. I do know that companies like CrowdStrike and Zscaler are performing very well on Wall Street, because of growing revenue and profits. Let's hope they can easily stop these kinds of attacks. https://www.blackberry.com/us/en/solutions/endpoint-security/ransomware-protection/cobalt-strike