Threat actors leak Bosch iSite platform source code


The leaker claims to have acquired the source code by exploiting a SonarQube zero-day vulnerability.

Unknown attackers have allegedly breached the servers of Bosch iSite and made off with the source code of the manufacturing giant’s 5G IoT connectivity platform.

Bosch iSite is a 5G wearable technology and IoT software platform aimed at connecting construction workers across building sites.


From what samples of the leaked data we were able to access, it appears to be corporate and highly technical in nature.

[Screenshot: sample from the leaked archive]

Details of the leak

According to the leak posted on the forum on October 20, the threat actors shared the source code of the iSite service website in a 184 KB archive containing 11 folders, including what appears to be code for iSite’s authentication, messaging service, and multiple types of device controller services written in JavaScript.

[Screenshot: the threat actor’s security analysis of iSite]

Aside from confidential corporate data, the leaked Bosch iSite archive appears to contain no identifiable personal user information, such as Bosch employee account credentials or other sensitive personal data.

According to the leaker, the source code was acquired by exploiting one or more zero-day vulnerabilities in the SonarQube open-source platform, which the threat actor promised to detail in a future thread on the hacker forum.

Who had access to the data?

Because the leak was made freely available to anyone, we assume that multiple members of the hacker forum, many of whom are likely to be cybercriminals, have been able to download and access the data since it was published.

There is a possibility that the archive was leaked online as a result of the threat actor’s failed ransom negotiations with Bosch.

Many ransomware gangs tend to offer post-breach data leaks for free. As such, the Bosch iSite archive is still available, and there is a high chance that sooner or later, the confidential company data may be used by bad actors for malicious purposes.

Next steps

For organizations that wish to avoid becoming victims of ransomware groups, here are a few basic precautions to have in mind:

  1. Establish an intelligent threat detection system or a security information and event management (SIEM) system. In the event of a breach by malicious actors, such systems will alert your IT personnel about the incident in real time and help them prevent data exfiltration from company servers.
  2. Use a secure encryption algorithm to encrypt your confidential data. When encrypted, your company data would be all but useless to attackers. The data would be scrambled by the algorithm, which would render it unreadable for unauthorized parties without a decryption key.

To see if any of your online accounts were exposed in previous security breaches, use our personal data leak checker with a library of 15+ billion breached records.
