Red Hot Cyber


IntelBroker Strikes Again: Unauthorized Access to Two Major American Companies Up for Sale

Raffaela Crisci : 24 July 2024 18:35

IntelBroker strikes again, announcing the sale of unauthorized access to two major American companies, each with revenues reaching hundreds of billions. This announcement was made public through a post on the dark web forum, BreachForums, known for selling illicit data and hacking services.

The threat actor is capable of obtaining and offering access to high-profile systems, making them a threat to companies. They also use double extortion tactics, threatening to publicly disclose stolen data.

Sale Details

According to IntelBroker, the offered access includes a wide range of systems and sensitive resources, including:

  • Bitbucket
  • AWS S3 (Amazon Simple Storage Service)
  • AWS Cognito
  • SSH (Secure Shell)
  • Software Signing Keys
  • Certificates
  • AWS API

Image of the Post Found on the Dark Web

Additionally, the seller claims to have already extracted a significant amount of valuable information from these companies. If they lose access to the compromised systems or fail to sell the credentials, they have threatened to publicly disclose the sensitive information of the two involved companies.

This “double extortion” strategy involves disclosing sensitive data and details about compromised corporate systems on public or dark web forums. Such an action could cause severe reputational and financial damage to the involved companies, jeopardizing customer and investor trust. Additionally, publishing the data could facilitate further attacks by other threat actors, thereby increasing the risk and potential damage to the companies. This threat is used as leverage to pressure compromised companies and potential buyers to maximize the profit for the cybercriminal.

IntelBroker specified that transactions will only be made using Monero (XMR), a cryptocurrency known for its privacy features. Additionally, only users with established reputations and ranks within the BreachForums community will be considered for purchasing access.

Financial Scope

The involved companies are leaders in their respective sectors, with significant revenues making them high-profile targets:

  • Company 1: revenue of $120 billion.
  • Company 2: even larger, with revenue reaching $140 billion.

These figures underscore the gravity of the breach, as companies of this size possess critical data and resources essential for their daily operations. A compromise of this magnitude not only threatens their internal security but also has the potential to destabilize relationships with customers, suppliers, and investors.

The economic implications of the breach are significant. The disclosure of sensitive data could undermine investor and business partner confidence, negatively affecting stock value and corporate reputation. Additionally, the involved companies may face high costs for data recovery, system protection, and crisis management. Legal and regulatory sanctions pose further risk, with potentially hefty fines for failing to protect information. Finally, a breach of this scale could influence the entire sector, prompting competitors and partners to reassess their security policies and contractual relationships.

Key Concerns Raised by the Offered Access Include:

  • Data Integrity: Access to Bitbucket and AWS S3 could compromise data and source code, affecting software development processes and cloud infrastructure.
  • Authentication and Security: Access to software signing keys and certificates could compromise the validity of corporate applications and communications.
  • Operational Disruption: Access to AWS Cognito and AWS API could enable significant disruptions to operational activities and service continuity.

Conclusion

This announcement highlights the urgency of strengthening cybersecurity measures within large companies and underscores the need to proactively monitor dark web forums to prevent exploitation. It is essential for the involved companies to assess the potential impact and take immediate action to mitigate the risks associated with compromised access.

The sale of access by IntelBroker represents a significant threat; organizations must remain vigilant and proactive in responding quickly to protect their critical assets and maintain operational integrity.

As is our custom, we always leave room for a statement from the company should they wish to provide us with updates on the matter. We would be happy to publish such information with a specific article highlighting the issue.

RHC Dark Lab will monitor the evolution of the situation in order to publish further news on the blog, should there be substantial updates. If there are individuals with knowledge of the facts who wish to provide information anonymously, they can use the whistleblower’s encrypted email.

This article has been compiled based on public information that has not yet been verified by the respective organizations. We will update our readers as more details become available.
