Chimera

Threat Actor updated 6 months ago (2024-05-04T18:12:14.630Z)
Chimera, a threat actor group known for its malicious activities, first gained notoriety as one of the initial ransomware strains that threatened to leak victims' data unless a 2.5 bitcoin ransom was paid. The group primarily spread its ransomware via emails containing malicious Dropbox links. In July 2016, a rival ransomware group named Petya released 3,500 Chimera decryption keys, providing some relief to victims. However, Chimera's activities didn't stop there, with the group demonstrating extensive experience in stealing data from a wide array of companies.

The group's modus operandi was well documented in an APT Group Chimera report by CyCraft and a Black Hat presentation. They highlighted a strong overlap between their findings and Chimera's intrusions, although the primary victims were located in different regions due to field-of-view bias. Notably, Chimera used cloud services from companies like Microsoft and Dropbox to receive stolen data, primarily from semiconductor makers. One such intrusion occurred in Europe during early Q4 2017 and lasted up to three years before being discovered.

One significant breach, tracked under names including "Chimera" and "G0114," took place from late 2017 to the beginning of 2020. This breach was reported by the Netherlands national news outlet NRC Handelsblad, which cited several sources familiar with the incident. The victim, identified as NXP, did not discover the breach until Chimera intruders were detected in a separate company network that had connected to the compromised NXP systems on multiple occasions.

Various decryption tools are available to counteract Chimera's ransomware, including solutions provided by Kaspersky, No More Ransom, and Trend Micro.
Description last updated: 2024-03-18T06:15:40.476Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT