RansomHouse Launches Cyberattack on National Technology Co., Ltd.

National Technology Co., Ltd. (Nationz Technologies), a leading Chinese semiconductor firm specializing in secure microcontrollers (MCUs), wireless RF modules, and cryptographic chips, has confirmed a devastating ransomware attack attributed to the RansomHouse group.

The breach, first reported by the cybersecurity intelligence platform FalconFeeds.io on February 26, 2025, resulted in the theft of 3 TB of sensitive data, including proprietary R&D blueprints, customer financial records, and industrial IoT firmware.

The incident underscores escalating cyber risks facing Asia’s semiconductor supply chain and raises critical questions about the security of embedded systems powering automotive, energy, and critical infrastructure sectors.

National Technology’s Strategic Role in China’s Semiconductor Ecosystem

Headquartered in Shenzhen, National Technology Co., Ltd. (market value: 9.7 billion RMB) has been a cornerstone of China’s “909” integrated circuit initiative since its founding in 2000.

The company’s N32 series MCUs, which won the 2021 China Automotive Electronics Science and Technology Award, are integral to smart grids, electric vehicle battery management systems, and industrial automation controllers.

With branches in Singapore, Hong Kong, and Shanghai, National Technology supplies secure chips for payment systems, biometric authentication, and IoT devices—a portfolio that generated $150 million in revenue in 2024.

RansomHouse’s Modus Operandi: Data Exfiltration Over Encryption

RansomHouse, active since March 2022, diverges from traditional ransomware groups by prioritizing data theft over encryption.

The group operates a ransomware-as-a-service (RaaS) model, leveraging third-party tools like Vatet Loader and Cobalt Strike to infiltrate networks via phishing campaigns or unpatched vulnerabilities.

Once inside, they move laterally over Remote Desktop Protocol (RDP) and deploy custom tooling such as the Mario ESXi encryptor for Linux and VMware ESXi hosts and MrAgent, a utility for automating ransomware deployment across ESXi hypervisors.

Notably, RansomHouse negotiates via Tor-based chat rooms, threatening to auction stolen data on dark web forums if ransoms, typically demanded in Bitcoin, are unpaid.

In National Technology’s case, the attackers exploited a misconfigured Jenkins server (commonly used for CI/CD pipelines) to gain initial access, mirroring their 2024 breach of C-Edge Technologies’ partner Brontoo Solutions.
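The article does not say which Jenkins setting was misconfigured. As an added example, not code from the original article or from National Technology, the audit below reads a Jenkins controller's config.xml and reports the settings that most often leave a CI server open to anyone who can reach it: security switched off, the Unsecured authorization strategy, anonymous read access, open self-registration, and no CSRF crumb issuer. The element and class names are the ones Jenkins itself writes; the two config fragments are constructed for this example, and treating a missing authorizationStrategy as Unsecured is a conservative assumption.

```python
import xml.etree.ElementTree as ET

# Class names Jenkins writes into $JENKINS_HOME/config.xml for its built-in
# authorization strategies and security realm.
UNSECURED = "hudson.security.AuthorizationStrategy$Unsecured"
LOGGED_IN_FULL_CONTROL = "hudson.security.FullControlOnceLoggedInAuthorizationStrategy"
PRIVATE_REALM = "hudson.security.HudsonPrivateSecurityRealm"


def _flag(elem, tag, default="false"):
    """Boolean text of a child element, with an explicit default when it is absent."""
    return (elem.findtext(tag) or default).strip().lower() == "true"


def audit_jenkins_config(xml_text):
    """Return findings for settings that expose a Jenkins controller to
    unauthenticated or self-registered users; an empty list means none of the
    checked settings is weak."""
    root = ET.fromstring(xml_text)
    findings = []

    if not _flag(root, "useSecurity"):
        findings.append("useSecurity is not true: authentication and authorization are off")

    authz = root.find("authorizationStrategy")
    cls = authz.get("class") if authz is not None else None
    # Assumption: a missing strategy element is treated as Unsecured.
    if cls is None or cls == UNSECURED:
        findings.append("authorizationStrategy is Unsecured: anyone can run jobs and the /script console")
    elif cls == LOGGED_IN_FULL_CONTROL and not _flag(authz, "denyAnonymousReadAccess"):
        findings.append("anonymous read access is allowed: job configs and build logs are readable without login")

    realm = root.find("securityRealm")
    if realm is not None and realm.get("class") == PRIVATE_REALM and not _flag(realm, "disableSignup"):
        findings.append("HudsonPrivateSecurityRealm allows self sign-up: anyone can register an account")

    if root.find("crumbIssuer") is None:
        findings.append("no crumbIssuer: CSRF protection is disabled")

    return findings


# Constructed config fragments for this example (not from any real controller).
WEAK_CONFIG = """\
<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
  </securityRealm>
</hudson>
"""

HARDENED_CONFIG = """\
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
  </securityRealm>
  <crumbIssuer class="hudson.security.csrf.DefaultCrumbIssuer"/>
</hudson>
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_jenkins_config(cfg) or "no findings")
```

Run it against a copy of config.xml pulled from the controller; an exposed Jenkins with the Unsecured strategy hands out Groovy execution through the script console, so that finding alone is enough to treat the host as a foothold.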

Over 72 hours, they exfiltrated 3 TB of data, including:

  • N32G455VEL7 MCU source code (used in Xiaomi’s outdoor power storage systems)
  • Trusted Platform Module (TPM) schematics for automotive clients
  • Customer datasets with AES-256 encrypted financial transactions.

Technical Analysis: Vulnerabilities in Industrial IoT Stacks

Forensic investigators identified several critical gaps in National Technology’s cyber defenses:

  1. Insecure API endpoints in the company’s wireless RF module configuration interface, allowing unauthorized access to firmware update channels.
  2. Hard-coded credentials in legacy SCADA systems managing MCU production lines.
  3. Delayed patching of CVE-2024-24919, an arbitrary file read (information disclosure) flaw in Check Point Security Gateways with remote access VPN enabled, previously exploited by Chinese state-aligned actors.

RansomHouse capitalized on these weaknesses to deploy ShadowPad, a modular backdoor linked to Chinese APT groups, which facilitated credential harvesting and lateral movement across R&D labs.

The attackers then used Rclone to exfiltrate data to cloud storage services, evading detection by fragmenting transfers into encrypted 100 MB chunks.
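Splitting a transfer into uniform chunks defeats size-based alerting on single requests, but the uniformity is itself a signal. As an added example, not part of the original article and not vendor detection content, the function below runs over constructed proxy log lines in an assumed format (timestamp, source IP, method, destination host, bytes sent, user agent) and flags a source/destination pair that pushes a large volume within a time window in many near-identical-sized uploads. The thresholds and the cloud storage watch-list are assumptions to tune per environment.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

MB = 1024 * 1024

# Constructed proxy log lines for this example (not from the incident or any real capture).
# Assumed format: <ISO-8601 ts> <src ip> <method> <dst host> <bytes sent> "<user-agent>"
SAMPLE_LOG = """\
2025-02-24T01:12:03Z 10.20.30.41 PUT cloud-files.example.net 104857600 "Go-http-client/2.0"
2025-02-24T01:14:30Z 10.20.30.41 PUT cloud-files.example.net 104857600 "Go-http-client/2.0"
2025-02-24T01:16:52Z 10.20.30.41 PUT cloud-files.example.net 104857600 "Go-http-client/2.0"
2025-02-24T01:19:10Z 10.20.30.41 PUT cloud-files.example.net 104857600 "Go-http-client/2.0"
2025-02-24T01:21:40Z 10.20.30.41 PUT cloud-files.example.net 104857600 "Go-http-client/2.0"
2025-02-24T01:24:05Z 10.20.30.41 PUT cloud-files.example.net 104857600 "Go-http-client/2.0"
2025-02-24T01:26:33Z 10.20.30.41 PUT cloud-files.example.net 104857600 "Go-http-client/2.0"
2025-02-24T01:28:58Z 10.20.30.41 PUT cloud-files.example.net 104857600 "Go-http-client/2.0"
2025-02-24T01:15:00Z 10.20.30.7 POST crm.example.com 2048 "Mozilla/5.0"
2025-02-24T01:15:09Z 10.20.30.7 POST crm.example.com 15311 "Mozilla/5.0"
2025-02-24T01:15:40Z 10.20.30.7 GET crm.example.com 0 "Mozilla/5.0"
2025-02-24T01:20:00Z 10.20.30.9 PUT cloud-files.example.net 314572800 "Mozilla/5.0"
2025-02-24T01:30:00Z 10.20.30.7 POST crm.example.com 7777 "Mozilla/5.0"
"""

# Assumed watch-list of external cloud storage hosts (not from the article).
CLOUD_HOSTS = {"cloud-files.example.net"}

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) "([^"]*)"$')


def parse_uploads(log_text):
    """Group PUT/POST requests by (source IP, destination host), sorted by time."""
    uploads = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, src, method, host, nbytes, ua = m.groups()
        if method not in ("PUT", "POST"):
            continue
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        uploads[(src, host)].append((when, int(nbytes), ua))
    for ev in uploads.values():
        ev.sort(key=lambda e: e[0])
    return uploads


def detect_chunked_exfil(log_text, cloud_hosts, window=timedelta(hours=1),
                         min_uploads=5, min_bytes=500 * MB, uniform_ratio=0.8):
    """Flag (src, host) pairs that push a large volume in many near-identical chunks.
    One alert per pair, describing the widest window that met the thresholds."""
    alerts = []
    for (src, host), ev in parse_uploads(log_text).items():
        best = None
        start = 0
        for end in range(len(ev)):
            # advance the window start until the window is at most `window` wide
            while ev[end][0] - ev[start][0] > window:
                start += 1
            win = ev[start:end + 1]
            if len(win) < min_uploads:
                continue
            sizes = [b for _, b, _ in win]
            total = sum(sizes)
            if total < min_bytes:
                continue
            # fraction of uploads within 1% of the most common size:
            # chunked transfers give a flat size distribution
            modal = statistics.mode(sizes)
            uniform = sum(1 for s in sizes if abs(s - modal) <= modal * 0.01) / len(sizes)
            if uniform < uniform_ratio:
                continue
            if best is None or len(win) > best["uploads"]:
                best = {
                    "src": src,
                    "host": host,
                    "uploads": len(win),
                    "total_bytes": total,
                    "chunk_bytes": modal,
                    "first_seen": win[0][0].isoformat(),
                    "last_seen": win[-1][0].isoformat(),
                    "known_cloud_storage": host in cloud_hosts,
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_chunked_exfil(SAMPLE_LOG, CLOUD_HOSTS):
        print(alert)
```

The single 300 MB upload and the small CRM posts in the sample stay quiet; only the eight 100 MB PUTs from one host trip the rule. Rclone's default user agent starts with `rclone/`, which is a cheap extra signal, but it is trivially overridden, so the logic above keys on volume and size uniformity rather than the agent string.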

Broader Implications for Global Semiconductor Security

This breach follows a wave of ransomware attacks targeting Asian tech giants, including Tata Technologies (February 2025) and C-Edge Technologies (July 2024), both suppliers to national payment infrastructures.

Of particular concern is the overlap between RansomHouse’s toolsets and those of Chinese espionage groups like Mustang Panda, which Symantec recently observed collaborating with ransomware actors.

The theft of National Technology’s TPM designs—critical for securing connected vehicles and smart grids—could enable state-sponsored reverse engineering or supply chain compromises.

Expert Commentary and Path Forward

Brett Callow, threat analyst at Emsisoft, notes, “RansomHouse’s shift from Western targets to Asian semiconductor firms reflects the high value of IoT intellectual property. A single MCU blueprint can compromise millions of deployed devices.”

To mitigate risks, the Cyberspace Administration of China (CAC) has issued advisories urging:

  • Implementation of FIDO2 multi-factor authentication for all remote access points.
  • Regular audits of industrial control system (ICS) configurations using frameworks like ISA/IEC 62443.
  • Adoption of homomorphic encryption for sensitive R&D data during collaborative projects.

National Technology has engaged Orange Cyberdefense and the National Computer Network Emergency Response Team (CNCERT) for remediation.

However, with RansomHouse already auctioning select datasets on Russian-language forums, the long-term fallout for China’s semiconductor ambitions remains uncertain.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
