Intelbroker

IntelBroker is a significant threat actor known for executing high-profile data breaches. The group, which could consist of a single individual or multiple persons, has been responsible for numerous cyberattacks on major corporations and government entities. IntelBroker's activities showcase a broad range of capabilities, including gaining access to confidential documents, source codes, hard-coded credentials, private keys, and more. The group's targets have included Cisco, Europol, DC Health Link, Volvo Cars, HPE, AMD, AT&T, Bank of America, Microsoft, SAP, T-Mobile, Verizon, among others. On November 17, IntelBroker, in collaboration with another threat actor known as EnergyWeaponUser, announced on BreachForums that they had stolen 44,000 customer records from Ford. This information was confirmed by the victims, who acknowledged the breach. The group often posts about their successful exploits on such forums, selling the breached data and even zero-day vulnerabilities, as seen when they offered a Jira zero-day for sale. IntelBroker's modus operandi involves targeting an organization's digital infrastructure, gaining unauthorized access, and stealing sensitive information. The group then typically publishes proof of their exploits on cybercrime forums. In the case of the Cisco breach, the company confirmed that the data IntelBroker posted online was indeed stolen from its DevHub environment. Such actions by IntelBroker underscore the substantial cybersecurity risks posed by this threat actor to both corporate and governmental entities.