Data Theft
Cyberattack
IntelBroker sells GE's pipelines for $500 amid cyberattack probe. Uncover the th...
General Electric (GE), a stalwart in the American multinational scene, finds itself under scrutiny. A threat actor self-identified as IntelBroker, claims to have breached GE's development environment, an incident that has sparked concerns about the security of the company's data and systems.
## Alleged Breach
Earlier this month, IntelBroker attempted to monetize their alleged access to GE's _"development and software pipelines"_ on a hacking forum, seeking $500 for the information. When met with a lack of serious buyers, the threat actor escalated their efforts, now offering both network access and supposedly stolen data.
>>> "I am now selling the entire thing here separately, including access (SSH, SVN etc). Data includes much DARPA-related military information, files, SQL files, documents, etc.," IntelBroker declared on the forum.
As evidence of the breach, screenshots were shared, purporting to be stolen GE data, notably including a database from GE Aviation with information on military projects.
## GE's Response
In response to these claims, GE released a statement acknowledging the situation and asserting its commitment to investigating the alleged data leak.
>>> _"We are aware of claims made by a bad actor regarding GE data and are investigating these claims. We will take appropriate measures to help protect the integrity of our systems,"_ stated a GE spokesperson to BleepingComputer.
While the breach is yet to be confirmed, the involvement of IntelBroker raises eyebrows, given their track record of successful high-profile cyberattacks.
## IntelBroker's Notorious History
IntelBroker has a history marked by successful cyber intrusions, including a breach of the [Weee! grocery service](https://www.secureblink.com/cyber-security-news/weee-grocery-confirms-data-breach-exposing-1-1-million-customer-records). However, their most notable exploit involved the theft of sensitive personal information from the District of Columbia's D.C. Health Link program.
In March, IntelBroker breached DC Health Link, exposing a misconfigured server accessible online. The ensuing sale of a stolen database containing personal information triggered widespread media coverage and a congressional hearing to scrutinize the breach's origins.
## Technical Insights
### Code Exposure and Vulnerabilities
The threat actor's ability to compromise GE's development environment implies potential vulnerabilities in their code repositories and version control systems. The mention of _"access (SSH, SVN, etc.)"_ raises concerns about the exposure of critical components in GE's infrastructure.
### DARPA-Related Military Information
The alleged inclusion of DARPA-related military information in the stolen data underscores the severity of the breach. This not only poses a risk to GE but also raises questions about the broader implications for national security.
***Screenshot of GE data and access sold on a hacking forum (BleepingComputer)***
## Investigating Past Exploits
To understand the potential ramifications of the GE breach, delving into IntelBroker's past exploits is crucial. The breach of DC Health Link, a healthcare marketplace for Washington, D.C., highlighted the vulnerability of misconfigured servers.
### Congressional Scrutiny
The congressional hearing that followed the DC Health Link breach aimed to unravel the intricacies of the incident. Mila Kofman, Executive Director of the District of Columbia Health Benefit Exchange Authority, emphasized the exposure through a [misconfigured server](https://oversight.house.gov/wp-content/uploads/2023/04/Mila-Kofman-Written-Testimony-April-19-2023.pdf), emphasizing the importance of robust server configurations.
