Nexperia Group Faces Data Breach from Dunghill Leak Ransomware Attack

Incident Date:

April 15, 2024

World map



Nexperia Group Faces Data Breach from Dunghill Leak Ransomware Attack


Nexperia Group




Jonkerbosplein, Netherlands

, Netherlands

First Reported

April 15, 2024

Nexperia Group Targeted by Dunghill Leak Ransomware Attack

Overview of Nexperia Group

Nexperia, a prominent global semiconductor company based in the Netherlands, specializes in the development and production of essential semiconductors. The company's products are integral to electronic designs across various sectors, including automotive, industrial, mobile, and consumer applications. With a workforce of over 15,000 employees spread across Europe, Asia, and the United States, Nexperia reported a revenue of $2.36 billion in the last fiscal year, marking a 10.7% increase from the previous year. The company's growth is driven by heightened demand for its power discrete, power management, and signal conditioning products.

Details of the Ransomware Attack

The ransomware group Dunghill Leak, operated by the Dark Angels Team, has claimed responsibility for a significant cyber attack on Nexperia Group. The attackers managed to exfiltrate approximately 1 TB of sensitive data, including quality control, client information, project data, industrial production instructions, competitive assessments, and detailed employee records. This data breach poses severe risks to Nexperia's intellectual property and operational security.


The stolen data encompasses a broad spectrum of Nexperia's operational and strategic frameworks, which could severely impact its competitive edge and market position. The exposure of such detailed information not only threatens the confidentiality and integrity of Nexperia's products but also jeopardizes the privacy and security of its clients and employees.

The Ransomware Group Dunghill Leak

Dunghill Leak, a nascent yet aggressive ransomware group, has been involved in multiple high-profile attacks since its emergence in 2023. Known for their double extortion tactics, the group has previously targeted major corporations, demanding ransoms presumably based on the victims' cyber insurance coverage. Their technical capabilities include the use of a custom encryptor developed from stolen Babuk ransomware source code, alongside adaptations of Ragnar Locker ransomware.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.