Draft:IntelBroker 2

Black-hat Hacker

Review waiting, please be patient. This may take 3 months or more, since drafts are reviewed in no specific order. There are 2,572 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · IntelBroker 2 (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Bing, Wikipedia) · Submitted 27 hours ago by CitrusHemlock (talk: D · +) · Last edited 11 hours ago by CitrusHemlock

IntelBroker
Nationality	Serbian
Known for	Hacking several government agencies and corporations

IntelBroker is a Serbian black hat hacker active since October 2022, who has committed several high-profile cyber attacks. Their targets have included Europol, Pandabuy, and Apple, with over 80 sales and leaks of compromised data having been traced to them. They claim to be currently residing in Russia for security reasons.

Description

IntelBroker first began activities in October 2022, hacking minor organizations, but only gained notoriety in 2023 after an attack on the food delivery service "Weee!".^[1][2] After their initial string of attacks, they were speculated to be a highly skilled team, possibly an Iranian Persistent Threat Group, however an interview with The Cyber Express revealed that they were a single person. In the same interview they revealed several personal details, such as that they are Serbian, and that they currently live in Russia for safety reasons.^[3] IntelBroker is an active moderator of the cybercrime forum BreachForums, and often contributes to the racist hacking group CyberNiggers.^[2] As of June 2024, they had posted over 80 separate leaks and sales of compromised information on BreachForums, with IntelBroker claiming that they had sold the information of over 400 organizations.^[3]

Modus operandi

IntelBroker has used a wide range of tactics to enter secured systems, such as exploiting leaked credentials and exploiting organizations public facing applications. Once inside, they remain for an extended period of time, escalating privileges and acquiring data. Finally, they ransom, sell, or leak the data, often on BreachForums.^[4][3]

Endurance ransomware

IntelBroker created a unique ransomware strain written in C# known as Endurance, which has its source code publicly available on their GitHub page. While labeled as ransomware, the software overwrites and then deletes all targeted files.^[4] Endurance was confirmed by the Department of Defense Cyber Crime Center to have been used by IntelBroker to hack several U.S. government agencies.^[5] They speculated that Endurance was related to the Shamoon wiping software sometimes used by Iranian Hackers, which IntelBroker has denied.^[3]

Notable attacks

Acuity

In April 2024, IntelBroker announced that they and black-hat hacker Sanggiero had hacked Acuity, a technology contractor for the U.S. government, and subsequently obtained confidential information belonging to the Five Eyes intelligence organization and the United States military. A vast majority of the information had been stored in a GitHub repository by Acuity, which IntelBroker was able to access.^[6][7] The information included confidential communications and documents between Five Eyes members, and the contact information for several U.S. government and military officials.^[8] Sanggiero claimed that the breach had taken place on March 7, a month before the information was leaked.^[9] After an investigation, Acuity determined that the leaked data was old and non-sensitive.^[10]

Pandabuy

On March 31, 2024, IntelBroker assisted Sangierro in a hack of the Chinese e-commerce website Pandabuy, with user data sold the database on BreachForum for a small "symbolic" bitcoin payment.^[11][12] The information had been initially ransomed to Pandabuy for an unknown amount of money, but after it was payed the leak was still released.^[13][14] IntelBroker and Sangierro claimed that the leak contained the names, contact details, orders, and addresses of over 3 millions Pandabuy customers, while an analysis by "Have I Been Pwned?" creator Troy Hunt found that only approximately 1.3 million user entries were real, while the rest contained nonexistant email addresses.^[12][15] Pandabuy attempted to censor posts on its Discord and Reddit pages to cover up the leak, before offering a "10% freight subsidy" to users as compensation. Both actions were received negatively by Pandabuy customers.^[16][17]

In June 3, 2024, Sanggiero posted on the BreachForums that they were going to sell all information from the databreach, containing over 17 million user entries, for 40,000$. They had again ransomed the information to Pandabuy, who refused to pay as the two had violated the original ransom and sold the information. ^[13][14]

Europol

On May 10, 2024, IntelBroker announced on BreachForums that they had gained access to 9,128 confidential records from the European Union's law enforcement agency Europol, including employee information, source code, and guideline documents. Most of the records came from the Europol Platform for Experts, a discussion platform for law enforcement, and the electronic evidence program SIRIUS. Europol confirmed that the leak was real, but claimed that it only contained information from Europol Platform for Experts and SIRIUS, and did not contain any operational information.^[18][19] IntelBroker announced that they would be accepting offers for the data in Monero,^[20] which was sold on May 11.^[21]

Apple

In June 2024, IntelBroker claimed on X that they had acquired source code for several internal Apple tools, before releasing the code on BreachForums. These tools were related to internal Apple processes, such as authenticating users and sharing information within Apple's network.^[22] Later analysis revealed that leaked code was not source code, but instead plugins for internal tools. However, the code still was a security risk, and could potentially be used by malicious parties.^[23][24]

AMD

On June 17, 2024, IntelBroker claimed on BreachForums that they had breached semi-conductor giant AMD, and was selling the compromised data. Samples provided by them included data on future products, employee information, customer information, source code, and financial records.^[25] AMD quickly contacted law enforcement agencies to investigate the breach.^[26] Soon after AMD claimed that the breach was limited in scope, would not impact the business, and implied that it did not include employee or customer information, conflicting with the initial report by The Cyber Express.^[27] Bloomberg correlated the attack with a 2.4% fall in AMD stock soon after the breach was announced.^[28]

References

1. Khaitan, Ashish (8 February 2023). "Weee! Data Breach: 11M User Records Leaked By Unknown Threat Actor". The Cyber Express. Retrieved 14 August 2024.
2. "Exclusive IntelBroker Interview: Inside The Mind Of A Hacker". The Cyber Express. 14 March 2024. Retrieved 14 August 2024.
3. "Dark Web Profile: IntelBroker". SOCRadar. 28 June 2024. Retrieved 14 August 2024.
4. The Intelbroker Data Leak Threat Actor (PDF) (Report). Mphasis. 2024-06-21.
5. DIB-REPORTED CYBER THREATS (PDF) (Report). Vol. CY2022. Department of Defense Cyber Crime Center. December 2022. Retrieved 2024-08-14.
6. Sergiu Gtalan (3 April 2024). "US State Department investigates alleged theft of government data". BleepingComputer. Retrieved 14 August 2024.
7. Sergiu Gatlan (5 April 2024). "Acuity confirms hackers stole non-sensitive govt data from GitHub repos". BleepingComputer. Retrieved 14 August 2024.
8. Jessica Lyons (4 April 2024). "Feds investigates alleged classified data theft". The Register. Retrieved 14 August 2024.
9. Jon, Quincy (5 April 2024). "Federal Contractor Acuity Confirms GitHub Breach: What Did Hackers Steal?". Tech Times. Retrieved 14 August 2024.
10. Kovacs, Eduard (5 April 2024). "Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Non-Sensitive Info". SecurityWeek. Retrieved 14 August 2024.
11. Sead Fadilpašić (2 April 2024). "Chinese ecommerce giant PandaBuy hit by cyberattack, data breach". TechRadar. Retrieved 14 August 2024.
12. Bill Toulas (1 April 2024). "Shopping platform PandaBuy data leak impacts 1.3 million users". BleepingComputer. Retrieved 14 August 2024.
13. Paganini, Pierluigi (7 June 2024). "Pandabuy was extorted twice by the same threat actor". Security Affairs. Retrieved 14 August 2024.
14. Bill Toulas (6 June 2024). "PandaBuy pays ransom to hacker only to get extorted again". BleepingComputer. Retrieved 14 August 2024.
15. Ashish Khaitan (25 April 2024). "PandaBuy Leak List: 1.3M Users' Info Exposed In Cyberattack". The Cyber Express. Retrieved 14 August 2024.
16. Hope, Alicia (8 April 2024). "Data Breach Impacts 1.3 Million Pandabuy Customers; Company Apologizes After Apparent Cover-Up - CPO Magazine". CPO Magazine. Retrieved 14 August 2024.
17. Sead Fadilpašić (2 April 2024). "Chinese ecommerce giant PandaBuy hit by cyberattack, data breach". TechRadar. Retrieved 14 August 2024.
18. Sead Fadilpasic (14 May 2024). "Hackers claim to have breached Europol web portal, but force says no significant data stolen". TechRadar. Retrieved 14 August 2024.
19. Antoaneta Roussi (13 May 2024). "Cybercriminals claim hack of EU police agency, posting data online". POLITICO. Retrieved 14 August 2024.
20. Sergiu Gatlan (11 May 2024). "Europol confirms web portal breach, says no operational data stolen". BleepingComputer. Retrieved 14 August 2024.
21. Kovacs, Eduard (13 May 2024). "Europol Investigating Breach After Hacker Offers to Sell Classified Data". SecurityWeek. Retrieved 14 August 2024.
22. Anton Shilov (21 June 2024). "Intelbroker claims they hacked Apple in the same week as AMD". Tom's Hardware. Retrieved 14 August 2024.
23. Winder, Davey (20 June 2024). "Has Apple Been Hacked? June 2024 Breach Exposes Source Code, Hacker Claims". Forbes. Retrieved 14 August 2024.
24. Andrew (19 June 2024). "Technical Analysis of Apple Internal Source Code Leak - AHCTS, LLC". AHCTS, LLC. Retrieved 14 August 2024.
25. Ashish Khaitan (26 June 2024). "Intelbroker Advertises Massive AMD Data Breach On Dark Web". The Cyber Express. Retrieved 14 August 2024.
26. Anton Shilov (19 June 2024). "AMD working with law enforcement after reports of massive data breach — hack may have uncovered future product details". Tom's Hardware. Retrieved 14 August 2024.
27. Jeff Butts (20 June 2024). "AMD provides update on data breach — says it won't 'have a material impact' on business". Tom's Hardware. Retrieved 14 August 2024.
28. Ian King (18 June 2024). "AMD Is Investigating Claims That Company Data Was Stolen in Hack". Bloomberg.com. Retrieved 14 August 2024.