
Draft:IntelBroker

IntelBroker is a hacker[1] and the developer of a ransomware referred to as "Endurance" by the Five Eyes intelligence community.[2][3] They have been active on the website BreachForums since 2023 and were a member of a group called CyberNiggers.[1] A 2022 report from the United States Department of Defense Cyber Crime Center (DC3) suggested that IntelBroker was an Iranian state entity, but IntelBroker has since claimed to be a Serbian individual based in Russia.[1]

History

According to SOCRadar, IntelBroker joined CyberNiggers, a racist cybercrime group on BreachForums, in 2023 and orchestrated the group's most significant cyberattacks during that period. Other members of the group carried out similar attacks before it became inactive. After 2023, IntelBroker no longer appears to have engaged in ransomware activity.[1]

Modus operandi

IntelBroker appears to be motivated by both financial gain and geopolitical aims. The 2022 DC3 report noted similarities between malware developed by IntelBroker and Shamoon, a data-wiping virus that erases the data stored on its victims' systems.[1]

After breaching a target, IntelBroker tries to establish persistent access by running unauthorized commands and manipulating system accounts. They may obfuscate malicious files or escalate their privileges to make it harder for security software to defend the compromised network. IntelBroker typically tries to sell this access first, and buyers can use it to carry out further malicious activity. They may also expand their foothold in the network using compromised credentials, then discover and exfiltrate more of the victim's data to sell on the black market.[1]
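The account manipulation, privilege escalation and credential reuse described above leave traces in host authentication logs. The following is an added detection example, not code from this page or from any of the cited reports: it runs over a handful of constructed Linux auth.log-style lines (invented hostnames, users and addresses) and flags a new local account, that account's addition to a privileged group, account tools run through sudo, and one credential accepted on several hosts from the same source address, which is the lateral-movement pattern the paragraph describes. The privileged-group list, tool list and host threshold are assumptions chosen for illustration.

```python
"""Added detection example (not from the page or any cited report): flag the
account manipulation, privilege escalation and credential reuse described
above in Linux auth.log-style lines. All sample data below is constructed."""
import re
from collections import defaultdict

# Constructed sample lines: hostnames, users and addresses are invented.
# An existing service account logs in, creates a second account, gives it
# sudo, and is then reused from the same source address on further hosts.
SAMPLE_LOG = """\
Mar 03 01:12:07 web01 sshd[2210]: Accepted password for svc_backup from 10.0.5.40 port 51222 ssh2
Mar 03 01:12:40 web01 sudo: svc_backup : TTY=pts/0 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/usr/sbin/useradd -m support
Mar 03 01:12:41 web01 useradd[2251]: new user: name=support, UID=1005, GID=1005, home=/home/support, shell=/bin/bash
Mar 03 01:12:55 web01 sudo: svc_backup : TTY=pts/0 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo support
Mar 03 01:13:02 web01 usermod[2260]: add 'support' to group 'sudo'
Mar 03 01:20:13 db02 sshd[8812]: Accepted password for svc_backup from 10.0.5.40 port 51310 ssh2
Mar 03 01:21:44 fs01 sshd[4410]: Accepted password for svc_backup from 10.0.5.40 port 51388 ssh2
Mar 03 02:05:00 web01 sshd[2399]: Accepted publickey for alice from 10.0.1.17 port 60102 ssh2
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[\d+\])?: (?P<msg>.*)$")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")
NEW_USER_RE = re.compile(r"new user: name=(?P<user>[^,]+)")
GROUP_ADD_RE = re.compile(r"add '(?P<user>[^']+)' to group '(?P<group>[^']+)'")

# Assumed tuning values: which groups count as privileged and which
# binaries count as account-manipulation tools.
PRIV_GROUPS = {"sudo", "wheel", "admin", "root"}
ACCOUNT_TOOLS = {"useradd", "usermod", "passwd", "chpasswd", "adduser"}


def parse(log_text):
    """Yield dicts with ts/host/prog/msg for each well-formed syslog line."""
    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if m:
            yield m.groupdict()


def detect(log_text, lateral_threshold=3):
    """Return (kind, where, detail) alerts in the order the evidence appears;
    credential-reuse alerts are emitted last because they need the whole log."""
    alerts = []
    logins = defaultdict(set)  # (user, source address) -> hosts logged into
    for e in parse(log_text):
        prog, host, msg = e["prog"], e["host"], e["msg"]
        if prog == "sshd" and (m := ACCEPTED_RE.search(msg)):
            logins[(m["user"], m["src"])].add(host)
        elif prog == "sudo" and (m := SUDO_RE.match(msg)):
            # The sudo line records which command was run; flag account tools.
            binary = m["cmd"].split()[0].rsplit("/", 1)[-1]
            if binary in ACCOUNT_TOOLS:
                alerts.append(("account_tool_via_sudo", host, f"{m['user']}: {m['cmd']}"))
        elif prog == "useradd" and (m := NEW_USER_RE.search(msg)):
            alerts.append(("account_created", host, m["user"]))
        elif prog == "usermod" and (m := GROUP_ADD_RE.search(msg)):
            if m["group"] in PRIV_GROUPS:
                alerts.append(("privilege_escalation", host, f"{m['user']}->{m['group']}"))
    # One credential accepted on many hosts from one source address is the
    # credential-reuse / lateral-movement pattern.
    for (user, src), hosts in logins.items():
        if len(hosts) >= lateral_threshold:
            alerts.append(("credential_reuse", src, f"{user} on {','.join(sorted(hosts))}"))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert, sep="  ")
```

The useradd and usermod lines are the authoritative evidence that an account was created and promoted; the sudo lines only show who asked for it. Correlating logins by (user, source address) rather than by user alone is what separates an administrator who legitimately reaches many hosts from one stolen credential driven from a single attacker box; the threshold should be tuned to the environment.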

Reported cybersecurity breaches

Most of IntelBroker's targets are U.S.-based. They infiltrated a database containing 2.5 million records and 1.9 million emails via the Los Angeles International Airport's customer relationship management system. They have also accessed data from the U.S. Immigration and Customs Enforcement and the United States Citizenship and Immigration Services, including information of more than 100,000 U.S. citizens. Other targets of IntelBroker included Hewlett Packard Enterprise, AT&T, Verizon, Barclays, HSBC, Accor, Home Depot, Facebook, and various U.S. government agencies.[1]

In early 2023, IntelBroker infiltrated the U.S.-based grocery delivery service Weee! and exposed the personal information of more than one million customers with delivery orders, including names, phone numbers, email addresses and building entry codes; according to the company, no financial or payment data was exposed.[4] In March of the same year, they breached DC Health Link, an American health insurance marketplace, exposing the contact information and Social Security numbers of some members of the United States Congress.[5]

In November 2023, IntelBroker claimed to have broken into General Electric and stolen data belonging to DARPA. They shared images of what appeared to be GE military projects but did not share any sample files. On BreachForums they asked $500 for the stolen data together with access to GE's development and software pipelines, but there were no takers at the time. There were doubts about IntelBroker's claims, though it was also possible that GE had accidentally left parts of its network misconfigured or exposed. Cybersecurity professionals noted that "IntelBroker is notorious for selling access to compromised systems" and that "IntelBroker has already been responsible for a handful of high-profile attacks."[5]

In December 2023, they claimed to have obtained sensitive information about communications between the Pentagon and the United States Army's Chief Information Officer (CIO) and Deputy Chief of Staff (DCS/G-6 at the time).[2]

In May 2024, IntelBroker claimed to have obtained employee information, FOUO (For Official Use Only) source code and operational guidelines from Europol, and to have breached the computer networks of Zscaler.[1]

In June 2024, IntelBroker claimed to have breached the computer networks of AMD and Apple Inc.[6] They claimed to have exposed internal Apple tools such as AppleConnect-SSO, Apple-HWE-Confluence-Advanced and AppleMacroPlugin, as well as AMD's future product details, spec sheets, customer databases, source code, firmware and employee information.[1] They also claimed to have extracted data such as client names and policy numbers from the IT company Cognizant.[7]

In November 2024, IntelBroker reportedly breached Nokia, which denied that its systems had been compromised.[8][9] In December, they leaked data taken from Cisco.[10][11][12]

References

  1. "Dark Web Profile: IntelBroker". SOCRadar® Cyber Intelligence Inc. 2024-06-28. Retrieved 2024-07-17.
  2. "Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents". hackread.com. 2023-12-07. Retrieved 2024-06-25.
  3. Estes, Ryan (2022-11-17). "Endurance Ransomware Claims Breach of US Federal Government". Secplicity - Security Simplified. Retrieved 2024-07-17.
  4. "Weee! Grocery Service Hacked, 1.1m Accounts Leaked". hackread.com. 2023-02-09. Retrieved 2024-07-10.
  5. Ikeda, Scott (2023-11-30). "Threat Actor Claims to Have Stolen DARPA Files From GE, Data Theft Remains Unconfirmed". CPO Magazine.
  6. Shilov, Anton (2024-06-21). "Intelbroker claims they hacked Apple in the same week as AMD". Tom's Hardware.
  7. Croft, Daniel (2024-07-01). "IntelBroker leaks alleged Cognizant data". www.cyberdaily.au. Retrieved 2024-07-17.
  8. Winder, Davey. "As Hacker Gives Stolen Data Away, Nokia Issues New Denial Statement". Forbes. Retrieved 2025-01-09.
  9. "Nokia breached? IntelBroker claims haul of source code". Archived from the original on 2024-11-19. Retrieved 2025-01-13.
  10. Klappholz, Solomon (2024-12-20). "IntelBroker leaks 2.9 TB of exposed Cisco records – and there's more to come". ITPro. Retrieved 2025-01-09.
  11. Klappholz, Solomon (2024-12-20). "IntelBroker leaks 2.9 TB of exposed Cisco records – and there's more to come". ITPro. Retrieved 2025-01-13.
  12. "Cisco claimed to be compromised by IntelBroker". SC Media. 2024-10-15. Retrieved 2025-01-13.