A notorious hacker, operating under the pseudonym 'IntelBroker,' has claimed to possess stolen data from the renowned US multinational corporation, General Electric (GE). The hacker is attempting to sell this purportedly pilfered information on the notorious Breach Forums. While the authenticity of the data remains unverified, IntelBroker claims to have breached GE's security and gained access to sensitive information related to the company's confidential military projects.
The hacker is advertising GE's network access for $500, alongside sensitive data reportedly acquired from DARPA, the US government's Defense Advanced Research Projects Agency. GE, originally founded by Thomas Edison, is a century-old conglomerate with a diversified portfolio encompassing renewable energy, healthcare, and aerospace.
Screenshots shared on X (formerly Twitter) indicate that IntelBroker is actively marketing the stolen data on popular marketplaces within the Clear and Dark Web. The hacker's listing includes access details such as SSH and SVN, and they claim to offer "a lot of DARPA-related military information, files, SQL files, documents etc."
IntelBroker initially attempted to sell alleged SSH and SVN access to GE's networks but encountered a lack of interested buyers. Consequently, they are now making a second attempt to sell the data to potential purchasers.
The data samples shared on the Breach Forums include SQL database files, technical descriptions and guides for aviation systems, maintenance reports, and military documents. While the authenticity of the data remains unverified, IntelBroker has a track record of involvement in significant data breaches, including one in which they compromised the DC Health Benefit Exchange Authority (HBX) health insurance marketplace in March 2023 and then offered the personal information of 170,000 individuals for sale on the Dark Web.
General Electric is currently investigating the data breach and is expected to release an official statement regarding its findings.
Troy Batterberry, CEO and founder of EchoMark, shared insights on the incident and on how organizations can mitigate similar threats in the future:
"Unfortunately, we see this every day. Highly skilled and well-funded organizations are working hard to protect their data with security stacks that include security gap discovery and analysis, EDR, Cloud security, UEBA, Identity & Access Analytics, SOAR and even ransomware killswitches, but then leave much of their most sensitive data both unprotected and readily sharable. The recent leaks of sensitive government and judicial information are just a few examples.
"By digitally watermarking data and assets, organizations get several key benefits. First, they can help deter insider leaks from ever happening in the first place by motivating better stewardship of the private information. If malicious or accidental insider leaks do happen, the source can be quickly identified and remediated. In the case of a successful external attack, watermarks can help quickly identify the compromised assets for fast remediation."
GE has previously been a victim of data breaches. In 2020, the company experienced a breach involving the loss of employee data due to a hack of third-party provider Canon Business Process Services. In early 2023, a former GE employee, Xiaoqing Zheng, received a two-year sentence for conspiring to steal aviation trade secrets and sharing them with China.
The sale of GE data on Breach Forums adds to the forum's growing list of high-profile data leaks, which recently included a scraped LinkedIn database containing 35 million user records and a database containing personal data of thousands of employees from the Idaho National Lab.
IntelBroker has gained notoriety for targeted cyberattacks against delivery services and logistics companies. Previously, this threat actor breached the US-based online grocery delivery platform Weee!, resulting in the exposure of data belonging to 1.1 million customers.