Intelbroker claims they hacked Apple in the same week as AMD


Intelbroker, a notorious criminal, has certainly been busy this week as they claimed to have hacked AMD and now Apple. On Thursday they posted a message on a forum saying they had managed to access internal source code for three of Apple's tools, just a day after a similar claim involving AMD, reports The Cyber Express. Apple has yet to confirm the breach, but the potential impact could be significant.

Intelbroker posted on BreachForums, stating they had obtained source code for AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin tools meant for internal use. AppleConnect-SSO is used for authentication within Apple's network, while Apple-HWE-Confluence-Advanced is likely for internal information sharing, and AppleMacroPlugin facilitates internal processes, The Cyber Express suggests. 

Intelbroker's post did not specify if the data was for sale, but the forum screenshot shared by Hackmanac indicated this possibility, reports 9to5Mac. It should be noted that dark web forums often vet data to prevent scams, and Intelbroker's growing reputation suggests credibility. However, there is always a risk of fraudulent claims in such situations, so take the news with a pinch of salt.

The situation remains unconfirmed as Apple has not responded to a request for comment sent by The Cyber Express. There is also a lack of reports about the alleged breach from prominent news agencies, such as Bloomberg and Reuters. For obvious reasons, verification of the breach would require Apple to patch vulnerabilities and enhance security measures to prevent further damage. This highlights the ongoing challenges in cybersecurity for tech companies.

The breach, if confirmed, could expose vulnerabilities and compromise Apple's internal operations. While the company is known for robust security (and ultimate secrecy when it comes to working on projects), it has still faced cyber threats in the past, according to the report.

In addition to a potential breach of AMD's internal network earlier this week (which AMD says will not have a material impact), IntelBroker's history of high-profile breaches adds weight to these claims. Previous victims include Europol, Panda Buy, Home Depot, General Electric, USCIS, and Facebook Marketplace.

Anton Shilov
Contributing Writer

Anton Shilov is a contributing writer at Tom’s Hardware. Over the past couple of decades, he has covered everything from CPUs and GPUs to supercomputers and from modern process technologies and latest fab tools to high-tech industry trends.

  • peachpuff
    Apple: nothing happened, we're a 3 trillion dollar company...
    Reply
  • Metal Messiah.
    For obvious reasons, verification of the breach would require Apple to patch vulnerabilities and enhance security measures to prevent further damage. The breach, if confirmed, could expose vulnerabilities and compromise Apple's internal operations

    Don't jump to any conclusions, Anton. To clarify:

    Contrary to what some sites have been reporting, the leaked data does NOT include internal Apple tools, but instead, contains internal custom integrations to connect Apple proprietary authentication systems to Atlassian Jira and Confluence, for SSO authentication within the Apple corporate network.

    So, basically the source code handles the authentication to retail-confluence.apple.com, a Confluence server which is not routable on the public internet.

    The origin of the leak remains unknown, with the possibility that it may have originated from either Apple’s internal systems or from cPrime, the external consultancy responsible for developing these plugins.

    So to reiterate.

    An analysis of the leaked code by the security team at cybersecurity consultancy AHCTS revealed that the released code isn’t actually the source to the internal tools themselves, but rather “proprietary internal plugins and configurations” that are used “to connect Apple proprietary authentication systems to Atlassian Jira and Confluence, for Single Sign On authentication within the Apple corporate network.”

    The highly technical analysis by AHCTS concludes that the leak of these custom plugins “poses significant cybersecurity risks,” but no Apple end-user products or services are impacted.
    The detailed configurations and sensitive information contained within the code could, AHCTS said, “potentially be exploited by malicious actors.”

    https://ahcts.co/technical-analysis-of-apple-internal-source-code-leak/

    https://x.com/andrewchenke/status/1803485734944284952
    Reply
  • Pierce2623
    Metal Messiah. said:
    Don't jump to any conclusions, Anton. To clarify:

    Contrary to what some sites have been reporting, the leaked data does NOT include internal Apple tools, but instead, contains internal custom integrations to connect Apple proprietary authentication systems to Atlassian Jira and Confluence, for SSO authentication within the Apple corporate network.

    So, basically the source code handles the authentication to retail-confluence.apple.com, a Confluence server which is not routable on the public internet.

    The origin of the leak remains unknown, with the possibility that it may have originated from either Apple’s internal systems or from cPrime, the external consultancy responsible for developing these plugins.

    So to reiterate.

    An analysis of the leaked code by the security team at cybersecurity consultancy AHCTS revealed that the released code isn’t actually the source to the internal tools themselves, but rather “proprietary internal plugins and configurations” that are used “to connect Apple proprietary authentication systems to Atlassian Jira and Confluence, for Single Sign On authentication within the Apple corporate network.”

    The highly technical analysis by AHCTS concludes that the leak of these custom plugins “poses significant cybersecurity risks,” but no Apple end-user products or services are impacted.
    The detailed configurations and sensitive information contained within the code could, AHCTS said, “potentially be exploited by malicious actors.”

    https://ahcts.co/technical-analysis-of-apple-internal-source-code-leak/

    https://x.com/andrewchenke/status/1803485734944284952
    That looks more like proof that Apple was hacked and it was maybe just a less important server.
    Reply
  • TechyIT223
    An apple a day does not keep hackers at bay ! LOL 😆
    Reply
  • Metal Messiah.
    TechyIT223 said:
    An apple a day does not keep hackers at bay ! LOL 😆

    👨‍⚕️doc !
    Reply
  • Amdlova
    The Intel guy has a busy week for sure...
    next week will be nvidia day
    Reply
  • TechyIT223
    BTW it is unclear whether Intelbroker is trying to sell the data from AMD and also Apple or not, as it appears to just be up for grabs as is. Since they are high profile hackers.
    Reply
  • OneMoreUser
    Hackers along with the people that do scams on the internet need to rot in jail. Especially the latter that often prey on the elderly or otherwise vulnerable, there is nothing lower than that.
    Reply
  • TechyIT223
    OneMoreUser said:
    Hackers along with the people that do scams on the internet need to rot in jail. Especially the latter that often prey on the elderly or otherwise vulnerable, there is nothing lower than that.

    Lol. Just chill dude
    Reply
  • TechyIT223
    This Intelbroker guy or group is a "Threat Actor" more like IMO. Not a "hacker" group to be clear.

    A lot of people get confused by this.
    Reply