IntelBroker is a hacker[1] and the developer of the ransomware called "Endurance" by the Five Eyes intelligence community.[2][3] They have been active on the website BreachForums since 2023 and were a member of a group called CyberNiggers.[1] A 2022 report from the United States Department of Defense Cyber Crime Center suggested that IntelBroker was an Iranian state entity, but IntelBroker has since claimed that they are a Serbian individual based in Russia.[1]

Tactics and techniques

Reported cybersecurity breaches

In early 2023, IntelBroker infiltrated the U.S.-based grocery chain Weee! and exposed the personal information of more than one million delivery order customers, including names, phone numbers, email addresses, and building entry codes, but not financial and payment data, according to the company.[4] In March of the same year, they breached DC Health Link, an American health insurance marketplace, and exposed the contact information and Social Security numbers of some members of the United States Congress.[5]

In November 2023, IntelBroker claimed to have broken into General Electric and stolen data belonging to DARPA. They shared images of what appeared to be GE's military projects but did not share any sample files. They asked for $500 on BreachForums, an Internet discussion site, for the stolen data as well as access to GE's development and software pipelines, but there were no takers at the time. There were doubts about IntelBroker's claims, but it was also possible that GE had accidentally left parts of its network misconfigured or exposed to the intrusion. Cybersecurity professionals have noted that "IntelBroker is notorious for selling access to compromised systems," and "IntelBroker has already been responsible for a handful of high-profile attacks."[5]

In December 2023, they claimed to have obtained sensitive information about communications between the Pentagon and United States Army's Chief Information Officer (CIO) and Deputy Chief of Staff (DCS/G-6 at the time).[2]

In June 2024, IntelBroker infiltrated the computer networks of AMD and Apple Inc.[6] They also claimed to have extracted data such as client names and policy numbers from IT company Cognizant.[7]

References

  1. "Dark Web Profile: IntelBroker". SOCRadar® Cyber Intelligence Inc. 2024-06-28. Retrieved 2024-07-17.
  2. "Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents". hackread.com. 2023-12-07. Retrieved 2024-06-25.
  3. Estes, Ryan (2022-11-17). "Endurance Ransomware Claims Breach of US Federal Government". Secplicity - Security Simplified. Retrieved 2024-07-17.
  4. "Weee! Grocery Service Hacked, 1.1m Accounts Leaked". hackread.com. 2023-02-09. Retrieved 2024-07-10.
  5. Ikeda, Scott (2023-11-30). "Threat Actor Claims to Have Stolen DARPA Files From GE, Data Theft Remains Unconfirmed". CPO Magazine.
  6. Shilov, Anton (2024-06-21). "Intelbroker claims they hacked Apple in the same week as AMD". Tom's Hardware.
  7. Croft, Daniel (2024-07-01). "IntelBroker leaks alleged Cognizant data". www.cyberdaily.au. Retrieved 2024-07-17.