Threat actor IntelBroker, notorious for a series of daring cyberattacks, has resurfaced with claims of orchestrating a data breach of Apple’s website. The TA allegedly has gained access to internal source code of three popular tools of Apple.com. This claim comes just a day after IntelBroker claimed to have orchestrated a data breach of another tech giant, Advanced Micro Devices (AMD).

Decoding Apple Data Breach Claims

Per the available information, IntelBroker allegedly breached Apple’s security in June 2024 and has managed to lay hands on the internal source code of three commonly used Apple tools, namely, AppleConnect-SSO, Apple-HWE-Confluence-Advanced and AppleMacroPlugin. The information was posted by the threat actor on BreachForums, a high-profile platform for trading stolen data and hacking tools. “I'm releasing the internal source code to three of Apple's commonly used tools for their internal site, thanks for reading and enjoy!” the TA posted. AppleConnect is the Apple-Specific Single Sign-On (SSO) and authentication system that allows a user to access certain applications inside Apple's network. Apple-HWE-Confluence-Advanced might be used for team projects or to share some information inside the company, and AppleMacroPlugin is presumably an application that facilitates certain processes in the company. Apple has not yet responded to the alleged data breach by IntelBroker or the leaked code. However, if the data breach occurred as claimed, it may lead to the exposure of important information that could be sensitive to the workings and operations of Apple. If legitimate, this breach could compromise Apple's internal operations and workflow. Leaked source code could expose vulnerabilities and inner workings of these tools. The Cyber Express has reached out to Apple to learn more about the potential data breach. However, at the time of publication, no official statement or response has been received, leaving the claims for the Apple data leak unconfirmed for now. The article will be updated as soon as we receive a response from the tech giant.

Previous Attacks by IntelBroker

The alleged data breach at Apple could prove significant considering the history of the threat actor. IntelBroker is believed to be a mature threat actor and is known to have been responsible for high-profile intrusions in the past. On June 18th, 2024, chipmaker AMD acknowledged that they were investigating a potential data breach by IntelBroker. The attacker claimed to be selling stolen AMD data, including employee information, financial documents, and confidential information. Last month, the threat actor is believed to have breached data of European Union’s law enforcement agency, Europol’s Platform for Experts (EPE). Some of the other organizations that the attacker is believed to have breached data include Panda Buy, Home Depot, and General Electric. The hacker also claimed to have targeted US Citizenship and Immigration Services (USCIS) and Facebook Marketplace.

Apple's Security Posture

Apple prides itself on its robust security measures and user privacy. However, the company has faced security threats in the past. In December 2023, Apple released security updates to address vulnerabilities in various Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. One critical vulnerability patched allowed attackers to potentially inject keystrokes by mimicking a keyboard. This incident highlights the importance of keeping software updated to mitigate security risks. In November 2023, there were reports of a state-sponsored attack targeting Apple iOS devices used in India. While details about this attack remain scarce, it serves as a reminder that even Apple devices are susceptible to cyberattacks.

Looking Ahead

The situation with IntelBroker's claims is ongoing. If the leak is verified, Apple will likely need to take steps to mitigate the potential damage. This could involve patching vulnerabilities in the leaked code and improving internal security measures. It is important to note that these are unconfirmed reports at this stage. However, they serve as a stark reminder of the ever-evolving cyber threat landscape. Apple, and all tech companies for that matter, must constantly work to stay ahead of determined attackers like IntelBroker. For users, it is a reminder to be vigilant about potential phishing attempts or malware that could exploit these alleged vulnerabilities. Keeping software updated and practicing good cyber hygiene are crucial steps for protecting yourself online.