Chimera first gained notoriety as one of the earliest ransomware strains that threatened to leak victims' data unless a ransom of 2.5 bitcoin was paid. The group primarily spread its ransomware via emails containing malicious Dropbox links. In July 2016, a rival ransomware group, Petya, released 3,500 Chimera decryption keys, providing some relief to victims. Chimera's activities did not stop there, however: the group went on to demonstrate extensive experience in stealing data from a wide array of companies.
The group's modus operandi was documented in an APT Group Chimera report by CyCraft and in a Black Hat presentation. The report's authors noted a strong overlap between their own findings and Chimera's intrusions, although the primary victims they observed were located in different regions, which they attributed to field-of-view bias. Notably, Chimera used cloud services from companies such as Microsoft and Dropbox to receive stolen data, primarily from semiconductor makers. One such intrusion began in Europe in early Q4 2017 and lasted up to three years before it was discovered.
One significant breach, tracked under names including "Chimera" and "G0114," took place from late 2017 to the beginning of 2020. It was reported by the Dutch national news outlet NRC Handelsblad, which cited several sources familiar with the incident. The victim, identified as NXP, did not discover the breach until Chimera intruders were detected in a separate company's network that had connected to the compromised NXP systems on multiple occasions. Various decryption tools are available to counter Chimera's ransomware, including solutions provided by Kaspersky, No More Ransom, and Trend Micro.
Description last updated: 2024-03-18T06:15:40.476Z