Threat Actor Claims Classified Five Eyes Data Theft
A known threat actor has leaked online classified documents from the US government and its allies that they claim were stolen from a government IT contractor.
IntelBroker took credit for the breach, alongside Sanggiero and EnergyWeaponUser, according to a screenshot posted to X (formerly Twitter) by security researchers HackManac.
“Today I am releasing the documents belonging to the Five Eyes Intelligence Group,” the post noted. “The data was obtained by breaching into Acuity Inc, a company that works directly with the US government and its allies.”
Acuity is a Virginia-based federal technology consultancy which claims to have “deep expertise” in areas such as IT modernization, DevSecOps, cybersecurity, data analytics and operations support.
According to the post on an underground cybercrime forum, the threat actors have classified information including full names, government and military email addresses, office and personal phone numbers, and “classified information and communications between the Five Eyes, 14 Eyes and US allies.”
#DataBreach Alert ⚠️
🇺🇸#USA: Alleged Acuity Inc breach leads to leak of sensitive Five Eyes Intelligence Group (FVEY) documents.
The threat actor group consisting of IntelBroker, Sanggiero, and EnergyWeaponUser claims to have breached Acuity Inc, a federal tech consulting firm,… pic.twitter.com/qGV8IUmkT7
— HackManac (@H4ckManac) April 3, 2024
There’s good reason to suspect that IntelBroker’s claims are legitimate, with the actor linked to a string of successful high-profile breaches in the past.
In March 2023, they obtained personal data on 170,000 individuals including members of the US House of Representatives, after compromising health insurance marketplace DC Health Link, which is managed by the DC Health Benefit Exchange Authority (HBX).
In November of the same year, they advertised for sale sensitive information purportedly stolen from industrial giant and US government contractor General Electric.
“Data includes a lot of DARPA-related military information, files, SQL files, documents etc,” they said at the time.
Threat intelligence specialist Dark Web Informer claimed on X that IntelBroker had made the breach fully available in unredacted form on their X account. However, that account was rapidly suspended by the social media firm, indicating at least the seriousness of the claims.