IntelBroker hacked the cybersecurity giant and put the obtained data up for sale

Confidential logins, SMTP access, password keys, certificates, and much more were stolen.

Reports have emerged of a serious cyber incident. A hacker known by the pseudonym "IntelBroker" claims to have penetrated the systems of one of the world's leading cybersecurity companies, one with an annual revenue of $1.8 billion.

IntelBroker posted an ad on the well-known cybercriminal forum BreachForums, offering to sell access to the affected company's sensitive data and systems for $20 thousand in Monero (XMR) cryptocurrency. The hacker did not disclose the name of the affected company, apparently so that it would not have time to take protective measures before the data was sold.


Screenshot of a post from the hacker forum BreachForums

According to the post, the stolen information includes SSL keys, access to the mail transfer protocol (SMTP), confidential logs containing credentials, and access to "Pointer Auth Authentication", which may relate to ARM Pointer Authentication.

The hacker stated that he would provide additional information only after contact with potential buyers, and agreed to use an intermediary or escrow service for the transaction. IntelBroker also requires buyers to confirm that they have the funds and restricts sales to forum members with a high reputation.

Since appearing in the hacker community in October 2022, IntelBroker has been implicated in a number of high-profile data breaches, including DC Health Link, General Electric, Hewlett Packard Enterprise, Los Angeles International Airport, and US government contractor Acuity. As a result, the cybercriminal has a certain positive reputation on hacker forums, and his statements can, to one degree or another, be trusted.

The incident highlights that even the systems of leading cybersecurity companies are potentially vulnerable. If the intrusion is confirmed, the consequences could be significant not only for the company itself, but also for its customers and for the cybersecurity industry as a whole.

Zscaler, which apparently fits IntelBroker's description, has already launched an investigation to find out whether its systems are affected. According to the company's security updates page, preliminary results revealed an isolated environment on one of the company's servers which "was not hosted in the Zscaler infrastructure and did not have a connection to Zscaler environments" but was nevertheless accessible from the Internet. "The test environment has been taken offline for expert analysis."

As of the morning of May 9, the company assures customers that its customer, production and corporate environments were not affected, but as a precaution Zscaler has engaged a third-party incident response organization, which has launched its own independent investigation.

It is unclear whether IntelBroker really had Zscaler in mind when announcing the sale of access, or whether it is just a coincidence that the company discovered "an isolated environment accessible from the Internet." We will probably hear more high-profile details about this story later, and we will be sure to report on them.