Threat Actor Claims Classified Five Eyes Data Theft
A known threat actor has leaked online classified documents from the US government and its allies that they claim were stolen from a government IT contractor.
IntelBroker took credit for the breach, alongside Sanggiero and EnergyWeaponUser, according to a screenshot posted to X (formerly Twitter) by security researchers HackManac.
“Today I am releasing the documents belonging to the Five Eyes Intelligence Group,” the post noted. “The data was obtained by breaching into Acuity Inc, a company that works directly with the US government and its allies.”
Acuity is a Virginia-based federal technology consultancy which claims to have “deep expertise” in areas such as IT modernization, DevSecOps, cybersecurity, data analytics and operations support.
According to the post on an underground cybercrime forum, the threat actors have classified information including full names, government and military email addresses, office and personal phone numbers, and “classified information and communications between the Five Eyes, 14 Eyes and US allies.”
#DataBreach Alert ⚠️
🇺🇸#USA: Alleged Acuity Inc breach leads to leak of sensitive Five Eyes Intelligence Group (FVEY) documents.
The threat actor group consisting of IntelBroker, Sanggiero, and EnergyWeaponUser claims to have breached Acuity Inc, a federal tech consulting firm,… pic.twitter.com/qGV8IUmkT7
— HackManac (@H4ckManac) April 3, 2024
There’s good reason to suspect that IntelBroker’s claims are legitimate, with the actor linked to a string of successful high-profile breaches in the past.
In March 2023, they obtained personal data on 170,000 individuals including members of the US House of Representatives, after compromising health insurance marketplace DC Health Link, which is managed by the DC Health Benefit Exchange Authority (HBX).
In November of the same year, they advertised for sale sensitive information purportedly stolen from industrial giant and US government contractor General Electric.
“Data includes a lot of DARPA-related military information, files, SQL files, documents etc,” they said at the time.
Threat intelligence specialist Dark Web Informer claimed on X that IntelBroker had made the breach fully available in unredacted form on their X account. However, that account was rapidly suspended by the social media firm, indicating at least the seriousness of the claims.