Threat actor IntelBroker claims alleged breaches of Apple, AMD

Threat actor IntelBroker, known for multiple high-profile breaches, now claims it has obtained the internal source code of three commonly used Apple tools. On Tuesday, IntelBroker also posted AMD’s data for sale, alleging the data compromise on future AMD products, specification sheets, and employee information.

Unconfirmed reports allege that the website suffered a data breach in June 2024, potentially exposing some of the company’s internal tools. According to these claims, the exposed tools were AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin.

“I'm releasing the internal source code to three of Apple's commonly used tools for their internal site, thanks for reading and enjoy!” IntelBroker posted on BreachForums, an illicit marketplace for data leaks and other breach data or tools.

IntelBroker has claimed responsibility for the cyberattack and provided a sample of the source code. The post was first discovered by Dark Web Informer, a dark web tracker on X.

Cybernews did not check the validity of the claims or the authenticity of the code. We contacted Apple for a comment and are awaiting their response.

If true, the name of the exposed tools could suggest they are used for single sign-on authentication to various systems, collaboration, and automation and could potentially compromise the company’s internal workflow. However, without confirmation, the extent and impact remain uncertain.

This is the second big tech company IntelBroker has claimed this week. On Tuesday, IntelBroker posted claims about compromising the Advanced Micro Devices (AMD) website in June 2024.

“AMD, a large computing company, suffered a data breach. Compromised data: Future AMD products, Spec sheets, employee databases, customer databases, property files, ROMs, source code, firmware, and finances,” the threat actor said in a separate post on the illicit forum.

In a statement to Reuters, AMD said that it is investigating the claims: “We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data.”

IntelBroker posted the data for sale without disclosing the price, saying it accepts middlemen and waits for offers via direct messages.

According to the cybercriminal, the sample provided includes the employee's full name, job function, business phone, email, and status. The full breach allegedly compromised “future AMD products, Spec sheets, employee databases, customer databases, property files, ROMs, source code, firmware, and finances.”

IntelBroker is a notorious attacker who is believed to be responsible for hacking Europol’s Platform for Experts (EPE) and a security breach at DC Health Link, a health insurance company, which resulted in the exposure of 170,000 records and the following congressional hearing.

IntelBroker leaked data from PandaBuy, HomeDepot, and stole data from General Electric, the US Citizenship and Immigration Services (USCIS), US cellular carriers, and Facebook Marketplace.