SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Ransomware

Ransomware Group Claims Theft of Data From Chipmaker Nexperia 

The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident.

Chipmaker Nexperia has confirmed being targeted by hackers after a known ransomware group claimed to have stolen a significant amount of data from the company’s systems.

Netherlands-based Nexperia, a subsidiary of the Chinese company Wingtech Technology, designs and manufactures semiconductors for the automotive, industrial, mobile and consumer sectors. 

The ransomware group named Dark Angels (aka Dunghill) announced on its Tor-based website on April 10 that it had stolen 1 Tb of data from Nexperia.

The information that was allegedly compromised includes quality control data, client folders for nearly 900 companies (including major companies such as Apple, IBM, Huawei and SpaceX), confidential project data, industrial production data, and corporate information. 

The cybercriminals have made public a few files as proof, but they are threatening to leak all the stolen data unless a ransom is paid. 

Nexperia confirmed the “IT breach” on Friday, saying that some of its servers were accessed by an unauthorized third party in March. 

“We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation. We also launched an investigation with the support of third-party experts to determine the nature and scope of the incident and took strong measures to terminate the unauthorized access,” the company stated.

Advertisement. Scroll to continue reading.

Nexperia has notified data protection authorities and law enforcement. The company cited the ongoing investigation for not being able to share additional information. 

The Dark Angels ransomware group is also known for its attack on Johnson Controls, from which the hackers claimed to have stolen 27 Gb of information and demanded a $51 million ransom. In February, the company said expenses associated with the incident exceeded $27 million. 

Related: U.S. Semiconductor Maker MaxLinear Discloses Ransomware Attack

Related: Ransomware Group Targets Foxconn Subsidiary Foxsemicon

Related: TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

Philip Martin has joined Uber as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.