Nokia has suffered a data breach, exposing a trove of sensitive information. The threat actor known as IntelBroker, along with EnergyWeaponUser, has claimed responsibility for a significant data breach involving Nokia’s proprietary source code.
The breach reportedly involves a substantial collection of Nokia’s source code, allegedly obtained through a third-party contractor associated with Nokia’s internal tool development.
The stolen data includes sensitive information such as SSH keys, RSA keys, Bitbucket credentials, SMTP accounts, webhooks, and hardcoded credentials. A file tree has been provided as evidence to substantiate these claims.
A file tree, provided as evidence, indicates the extent of the data compromised in the breach. The incident underscores the risks associated with third-party contractors and the cascading effects a breach in a technology provider’s infrastructure could have on connected industries.
https://twitter.com/H4ckManac/status/1853378987730358770?s=19
Tweet
The threat actors claim to be selling this data, raising concerns about the potential misuse of Nokia’s intellectual property and the availability of SSH and RSA keys, in particular, poses a serious threat, as these could potentially be used to gain unauthorized access to secure systems.
Nokia has yet to issue an official statement regarding the breach, but this is one of the wake-up call to the companies to review their security protocols and pay attention to the third parties
