Threat actor Intelbroker now claims it hacked Apple along with AMD

In brief: Intelbroker is gaining a reputation for breaching some big-name entities. After it hacked AMD, the group now says it has also compromised Apple. However, it is difficult to verify these claims, and Apple has yet to respond. This is what we know so far.

Notorious cybercriminal Intelbroker has made another eyebrow-raising claim on dark web forum BreachForums following its report of breaking into AMD last week. A day later, the group said it also compromised Apple, stealing its source code for internal tools, including AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin, as well as employees’ personally identifiable information and other data.

AppleConnect-SSO is an authentication system that allows employees to access specific applications within Apple’s network. An ex-Apple retail employee told 9to5Mac that AppleConnect serves as the employee equivalent of an Apple ID and is used to access all internal systems, with the exception of email. Not much is known about the other two tools, but it is speculated that Apple-HWE-Confluence-Advanced is likely used for internal information sharing, and AppleMacroPlugin facilitates internal processes.

Apple has not confirmed the breach, and AMD said that it is working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data. Intelbroker posted screenshots from AMD’s internal systems to prove it has the data.

Meanwhile, Dark Web Informer, who publishes information they find on the dark web on X, has posted screenshots that say Intelbroker has released the internal source code to three of Apple’s commonly used tools for their internal site.

ð¨MAJOR DATA BREACHð¨IntelBroker has allegedly leaked #Apple‘s Internal Tools.

IntelBroker has released the internal source code to 3 of Apple’s commonly used tools for their internal site,

In June 2024, https://t.co/uGXK0plIJe suffered a data breach and lead to the exposure… pic.twitter.com/Nm2cgyUhQ3

– Dark Web Informer (@DarkWebInformer) June 18, 2024

More information comes from security vendor AHCTS, which claims that its Intelligence team purchased the data for the USD equivalent of approximately $11. It also says that the leaked data does not include internal Apple tools, but instead contains internal custom integrations to connect Apple proprietary authentication systems to Atlassian Jira and Confluence, for SSO authentication within the Apple corporate network. “Based on information contained within the leaked data, the source code handles the authentication to retail-confluence.apple.com, a Confluence server which is not routable on the public internet,” it said.

There have been previous cases of cybercriminal gangs making false claims about infiltrating big organizations and having stolen data to sell. The AMD and Apple breaches, though, do appear they could be genuine, though there is no way to know for sure. Besides the sightings of the stolen data on the dark web, Intelbroker itself is gaining a reputation for its cybertheft exploits. It has previously claimed to have breached the Los Angeles International Airport to access personal and flight details. It also broke into US federal technology consulting firm Acuity, compromising federal agencies, and Shoprite, Africa’s largest retailer. Intelbroker has also tried to sell data allegedly stolen from Europol, The Home Depot (via a third-party vendor), and health insurance marketplace DC Health Link.