Lindex Group, an international retail giant specializing in high-quality fashion, has reportedly fallen victim to a data breach. According to claims made by threat actor IntelBroker on dark web forums, the Lindex Group data breach allegedly occurred in June 2024, targeting Lindex Group's internal GitLab. The perpetrator allegedly exploited vulnerabilities stemming from developers storing credentials in their Jira workplace, thereby gaining access to a collection of source code belonging to the company. Lindex Group, which has been a part of the Finnish Stockmann Group since 2007, operates approximately 480 stores across 18 markets, including the Nordic countries, the Baltic states, Central Europe, and the Middle East. With a workforce of around 5,000 employees, the company holds a prominent position in the retail industry, focusing on an omnichannel approach to fashion retailing.

Decoding IntelBroker’s Claims of Lindex Group Data Breach

[caption id="attachment_78687" align="alignnone" width="1242"] Source: X[/caption] The claims made by IntelBroker on the dark web suggest that the compromised source code of Lindex Group is now accessible through undisclosed channels, although specific details such as the price for access or direct communication channels have not been publicly disclosed. The situation has prompted concerns about the potential impact on Lindex Group's operations and the security of its customers' data. Despite these reports, Lindex Group has yet to issue an official statement or response regarding the alleged breach. The Cyber Express has reached out to the organization to learn more about this the breach claims. However, at the time of this, no official statement or response has been received. Visitors to Lindex Group's website may find it operational without immediate signs of intrusion, suggesting that the attack may have targeted backend systems rather than initiating a more visible front-end assault like a Distributed Denial-of-Service (DDoS) attack or website defacements.

IntelBroker Hacking Spree

IntelBroker, the solo hacker claiming responsibility for the breach, has a history of similar actions, having previously claimed involvement in cybersecurity incidents affecting other major companies. One notable example includes an alleged data breach targeting Advanced Micro Devices (AMD), a leading semiconductor manufacturer, and Apple was another alleged victim. The incident, disclosed on platforms like BreachForums, involved the exposure of sensitive data, prompting AMD to initiate investigations in collaboration with law enforcement authorities and third-party cybersecurity experts. The situation highlights the persistent nature of hackers like IntelBroker, who continue to exploit vulnerabilities in digital infrastructure for financial gain or malicious intent. For organizations like Lindex Group, the fallout from such breaches can encompass not only financial losses but also reputational damage and regulatory scrutiny. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile.

The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com certifications, and “Siloprograms.” (We’ve not heard of siloprograms, and can’t find a reference to them anywhere, so perhaps it’s a mistranslation or typo.)

To prove they had the data, IntelBroker posted several screenshots showing access with administrative privileges to a Confluence server and T-Mobile’s internal Slack channels for developers.

But according to sources known to BleepingComputer, the data shared by IntelBroker actually consists of older screenshots. These screenshots show T-Mobile’s infrastructure, posted at a known—yet unnamed—third-party vendor’s servers, from where they were stolen.

When we looked at the screenshots IntelBroker attached to their post, we spotted something interesting in one of them.

This screenshot shows a search query for a critical vulnerability in Jira, a project management tool used by teams to plan, track, release and support software. It’s typically a place where you could find the source code of works in progress.

The search returns the result CVE-2024-1597, a SQL injection vulnerability. SQL injection happens when a cybercriminal injects malicious SQL code into a form on a website, such as a login page, instead of the data the form is asking for. The vulnerability affects Confluence Data Center and Server according to Atlassian’s May security bulletin.

For a better understanding, it’s important to note that Jira and Confluence are both products created by Atlassian, where Jira is the project management and issue tracking tool and Confluence is the collaboration and documentation tool. They are often used together.

If IntelBroker has a working exploit for the SQL injection vulnerability, this could also explain their claim that they have the source code of three internal tools used at Apple, including a single sign-on authentication system known as AppleConnect.

This theory is supported by the fact that IntelBroker is also offering a Jira zero-day for sale.

“I’m selling a zero-day RCE for Atlassian’s Jira.

Works for the latest version of the desktop app, as well as Jira with confluence.

No login is required for this, and works with Okta SSO.”

If this is true then this exploit, or its fruits, might be used for data breaches that involve personal data.

Meanwhile, T-Mobile has denied it has suffered a breach, saying it is investigating whether there has been a breach at a third-party provider.

“We have no indication that T-Mobile customer data or source code was included and can confirm that the bad actor’s claim that T-Mobile’s infrastructure was accessed is false.”

---

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

The U.S. Army Aviation and Missile Command (AMCOM), based at Redstone Arsenal, Alabama, has been spotlighted following an alleged data breach claimed by a prolific dark web hacker. The AMCOM data breach, announced by the threat actor on June 16, 2024, but occurring in August 2023, involved the unauthorized release of critical documents related to key military aircraft. The US Army Aviation and Missile Command (AMCOM) plays a pivotal role in supporting the U.S. Army by managing the development, acquisition, and sustainment of aviation and missile systems. It ensures the operational readiness of these systems, provides logistical support and maintains the supply chain critical for defense operations.

Decoding the AMCOM Data Breach Claims

The AMCOM data leak, disclosed on BreachForums by a user known as IntelBroker, exposed detailed technical documents and images about the Boeing CH-47F Chinook and Sikorsky H-60 Black Hawk helicopters. IntelBroker, a moderator on the platform, claimed responsibility for the leak, stating, "Today, I'm releasing the U.S. Army Aviation and Missile Command data breach." The Cyber Express reached out to the U.S. Army Aviation and Missile Command to learn more about the authenticity of the AMCOM data breach. However, at the time of writing this, no official statement or response has been received, leaving the claims for the AMCOM data leak unconfirmed right now.  Moreover, the AMCOM website appears operational, suggesting the breach may have targeted specific backend systems rather than impacting public-facing services like DDoS attacks or website defacements.

IntelBroker and the Recent Exploits 

IntelBroker, a notorious threat actor known for orchestrating multiple high-profile data breaches, recently claimed responsibility for infiltrating Apple's security infrastructure. This assertion follows their previous claims of breaching organizations like Advanced Micro Devices (AMD), where sensitive data such as customer databases and source code was compromised. The cybercriminal has a track record of targeting prominent entities such as government agencies like Europol and the U.S. State Department, as well as major corporations including Barclays Bank, Facebook Marketplace, and Home Depot. In the latest incident, IntelBroker purportedly accessed the source code of three internal tools utilized by Apple: AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin. While Apple has not confirmed the breach, reports from tech news outlets detailed claims made on BreachForums suggesting a June 2024 data breach on Apple.com facilitated by IntelBroker. The threat actor's activities highlight the ongoing challenges in cybersecurity, highlighting vulnerabilities across diverse sectors and institutions globally. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Threat actor IntelBroker, notorious for a series of daring cyberattacks, has resurfaced with claims of orchestrating a data breach of Apple’s website. The TA allegedly has gained access to internal source code of three popular tools of Apple.com. This claim comes just a day after IntelBroker claimed to have orchestrated a data breach of another tech giant, Advanced Micro Devices (AMD).

Decoding Apple Data Breach Claims

Per the available information, IntelBroker allegedly breached Apple’s security in June 2024 and has managed to lay hands on the internal source code of three commonly used Apple tools, namely, AppleConnect-SSO, Apple-HWE-Confluence-Advanced and AppleMacroPlugin. The information was posted by the threat actor on BreachForums, a high-profile platform for trading stolen data and hacking tools. “I'm releasing the internal source code to three of Apple's commonly used tools for their internal site, thanks for reading and enjoy!” the TA posted. AppleConnect is the Apple-Specific Single Sign-On (SSO) and authentication system that allows a user to access certain applications inside Apple's network. Apple-HWE-Confluence-Advanced might be used for team projects or to share some information inside the company, and AppleMacroPlugin is presumably an application that facilitates certain processes in the company. Apple has not yet responded to the alleged data breach by IntelBroker or the leaked code. However, if the data breach occurred as claimed, it may lead to the exposure of important information that could be sensitive to the workings and operations of Apple. If legitimate, this breach could compromise Apple's internal operations and workflow. Leaked source code could expose vulnerabilities and inner workings of these tools. The Cyber Express has reached out to Apple to learn more about the potential data breach. However, at the time of publication, no official statement or response has been received, leaving the claims for the Apple data leak unconfirmed for now. The article will be updated as soon as we receive a response from the tech giant.

Previous Attacks by IntelBroker

The alleged data breach at Apple could prove significant considering the history of the threat actor. IntelBroker is believed to be a mature threat actor and is known to have been responsible for high-profile intrusions in the past. On June 18th, 2024, chipmaker AMD acknowledged that they were investigating a potential data breach by IntelBroker. The attacker claimed to be selling stolen AMD data, including employee information, financial documents, and confidential information. Last month, the threat actor is believed to have breached data of European Union’s law enforcement agency, Europol’s Platform for Experts (EPE). Some of the other organizations that the attacker is believed to have breached data include Panda Buy, Home Depot, and General Electric. The hacker also claimed to have targeted US Citizenship and Immigration Services (USCIS) and Facebook Marketplace.

Apple's Security Posture

Apple prides itself on its robust security measures and user privacy. However, the company has faced security threats in the past. In December 2023, Apple released security updates to address vulnerabilities in various Apple products, including iOS, iPadOS, macOS, tvOS, watchOS, and Safari. One critical vulnerability patched allowed attackers to potentially inject keystrokes by mimicking a keyboard. This incident highlights the importance of keeping software updated to mitigate security risks. In November 2023, there were reports of a state-sponsored attack targeting Apple iOS devices used in India. While details about this attack remain scarce, it serves as a reminder that even Apple devices are susceptible to cyberattacks.

Looking Ahead

The situation with IntelBroker's claims is ongoing. If the leak is verified, Apple will likely need to take steps to mitigate the potential damage. This could involve patching vulnerabilities in the leaked code and improving internal security measures. It is important to note that these are unconfirmed reports at this stage. However, they serve as a stark reminder of the ever-evolving cyber threat landscape. Apple, and all tech companies for that matter, must constantly work to stay ahead of determined attackers like IntelBroker. For users, it is a reminder to be vigilant about potential phishing attempts or malware that could exploit these alleged vulnerabilities. Keeping software updated and practicing good cyber hygiene are crucial steps for protecting yourself online.

AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.

The post AMD Investigating Breach Claims After Hacker Offers to Sell Data appeared first on SecurityWeek.

The notorious threat actor known as Intelbroker claims to have orchestrated a massive data breach of Advanced Micro Devices (AMD), a top player in the semiconductor industry. The unconfirmed AMD data breach, disclosed on the notorious BreachForums site, shared details of the intrusion, with multiple data samples shared to the dark web forum users.  Between these speculations, AMD officials released a statement that it is investigating claims of a data breach by a cybercriminal organization. "We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data," the chipmaker told Reuters.

Decoding the AMD Data Breach Claims by Intelbroker

Intelbroker claims the AMD data leak encompasses a vast array of sensitive information from AMD's databases. This includes detailed data on future AMD products, specification sheets, customer databases, property files, ROMs, source code, firmware, financial records, and comprehensive employee data such as user IDs, full names, job functions, phone numbers, and email addresses. [caption id="attachment_77588" align="alignnone" width="926"] Source: Dark Web[/caption] Samples of the stolen data shared by Intelbroker highlight the potential severity of the AMD data leak. Screenshots and snippets from AMD's internal systems, allegedly obtained by the threat actor, provide a glimpse into the breadth and depth of the compromised information. Such disclosures not only highlight the possible extent of the intrusion but also highlight potential vulnerabilities within AMD's cybersecurity infrastructure. The incident is not the first time AMD has faced a cybersecurity challenge. In 2022, the company was reportedly targeted by the RansomHouse hacking group, which claimed responsibility for extracting data from AMD's networks. The 2022 breach, similar to the current incident, prompted AMD to launch an extensive investigation to assess the breach's impact and fortify its defenses against cyber threats.

Intelbroker's Modus Operandi

Intelbroker, the alleged perpetrator behind the new AMD data breach, has gained notoriety for a series of high-profile cyber intrusions targeting diverse organizations. Operating as a lone actor, Intelbroker has a documented history of penetrating critical infrastructure, major tech corporations, and government contractors. The hacker's actions suggest a sophisticated approach to exploiting vulnerabilities and accessing sensitive information. In previous instances, the hacker has claimed responsibility for breaches at institutions like the Los Angeles International Airport and Acuity, a U.S. federal technology consulting firm.

Data Samples and Technical Details

The data shared by Intelbroker includes technical specifications, product details, and internal communications purportedly from AMD's secure servers. These samples, posted on breach forums, reportedly reveal intricate details about AMD's upcoming products, financial documents, and proprietary software codes. Such disclosures not only could compromise AMD's competitive advantage but also raise concerns about intellectual property theft and corporate espionage. Technical codes and alphanumeric sequences, allegedly extracted from AMD's databases, have been posted alongside screenshots on BreachForums. These snippets, though cryptic to the untrained eye, contain critical information about AMD's internal systems and operational protocols. The exposure of such technical data could pose significant risks to AMD's reputation and operational integrity.

Response and Investigation

The Cyber Express has reached out to AMD to learn more about the potential data breach. However, at the time of publication, no official statement or response has been received, leaving the claims for the AMD data leak unconfirmed for now. Moreover, the official AMD website seems to be operational at the moment and doesn’t show any immediate sign of a cyberattack. The hacker could possibly have targeted the backend of the website or the databases instead of launching a front-end assault like a DDoS or a website defacement. AMD's response strategy will likely involve comprehensive forensic analysis, collaboration with cybersecurity agencies, and the implementation of enhanced security measures to mitigate future risks.

Previous Cyber Incidents Linked to Intelbroker

Intelbroker has demonstrated massive cyber operations beyond the alleged AMD data breach, targeting multinational corporations, government entities, and prominent tech firms globally. Notable breaches attributed to Intelbroker include infiltrations at Los Angeles International Airport (LAX), compromising millions of records encompassing personal and flight details. The hacker also accessed sensitive data from U.S. federal agencies via Acuity, exposing vulnerabilities in government IT systems. Furthermore, Intelbroker claimed responsibility for a cyberattack on Shoprite, Africa's largest retailer, highlighting their widespread impact. These incidents highlight Intelbroker's skill at exploiting security vulnerabilities to extract valuable data, posing significant challenges to affected organizations and cybersecurity professionals. The motivations driving Intelbroker's cyber activities range from financial gain through selling stolen data on dark web platforms to potential geopolitical agendas aimed at disrupting critical infrastructure and corporate operations. The Cyber Express will update readers as we get more information. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.