Notorious cybercriminal group Intelbroker has made another eyebrow-raising claim on the dark web forum BreachForums. Following its reported breach of AMD last week, the group now claims to have also compromised Apple, stealing critical source codes and employee data.
According to Intelbroker, they have accessed and stolen source codes for Apple’s internal tools, including AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin. They also claim to have obtained employees’ personally identifiable information (PII) and other sensitive data.
AppleConnect-SSO is an authentication system that allows employees to access specific applications within Apple’s network. An ex-Apple retail employee revealed to 9to5Mac that AppleConnect serves as the employee equivalent of an Apple ID and is used to access all internal systems except email. The other two tools, Apple-HWE-Confluence-Advanced and AppleMacroPlugin, are speculated to be used for internal information sharing and process facilitation, respectively.
Apple is silent, AMD acknowledged claims
While Apple has not confirmed the breach, AMD has acknowledged Intelbroker’s claims and stated that they are working closely with law enforcement officials and a third-party hosting partner to investigate the breach’s validity and the significance of the stolen data. Intelbroker has posted screenshots from AMD’s internal systems to prove its claims.
Dark Web Informer, known for sharing information found on the dark web on X, posted screenshots suggesting that Intelbroker has released the internal source code to three of Apple’s commonly used tools. Security vendor AHCTS reported that its Intelligence team purchased the data for approximately $11 USD. They assert that the leaked data does not include the internal Apple tools themselves but rather internal custom integrations connecting Apple’s proprietary authentication systems to Atlassian Jira and Confluence for SSO authentication within the Apple corporate network.
“Based on information within the leaked data, the source code handles authentication to retail-confluence.apple.com, a Confluence server not accessible on the public internet,” AHCTS stated.
Cybercriminal gangs have previously made false claims about infiltrating large organizations to sell data. However, the AMD and Apple breaches seem genuine based on the sightings of stolen data on the dark web and Intelbroker’s growing reputation. Intelbroker has previously claimed to have breached the Los Angeles International Airport, the US federal technology consulting firm Acuity, and Africa’s largest retailer, Shoprite. They have also allegedly stolen data from Europol, The Home Depot (via a third-party vendor), and DC Health Link.
As the investigation unfolds, the tech world watches closely, wary of the implications and potential fallout from these alleged breaches.
{{user}} {{datetime}}
{{text}}