Threat actors are claiming to have stolen data belonging to the Five Eyes intelligence group after breaching a US national security technology contractor.
The hackers took to BreachForums to announce that they had exfiltrated data from the firm and posted a sample as proof.
“Today, I am releasing the documents belonging to the Five Eyes intelligence group,” said BreachForums user “IntelBroker”, a threat actor with a history of targeting high-profile organisations such as T-Mobile, Facebook Marketplace, General Electric, the US Citizenship and Immigration Services (USCIS) and DC Health Link.
“This data was obtained by breaching into Acuity Inc, a company that works directly with the US government and its allies.”
According to IntelBroker, who is reportedly one of three hackers behind the breach, alongside “Sanggiero” and “EnergyWeaponUser”, exfiltrated data includes full names, emails, office numbers, personal mobile numbers, government, military and Pentagon email addresses and “classified information and communications between the 5 eyes, 14 eyes and the US’s allies”.
The US Department of State is aware of the breach and has launched an investigation into the attack.
“The department is aware of claims that a cyber incident has occurred and is currently investigating,” a spokesperson for the State Department told BleepingComputer.
“The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cyber security posture.
“For security reasons, we will not provide details on the nature and scope of the claim.”
The sample posted to BreachForums includes what appear to be memos containing communications between government agencies and members; however, the legitimacy of the memos is unverified.
According to findings by the research team at CyberNews, while some of the leaked data could be sensitive, the information appears to be quite old, with records dated only as late as 2016.
“The dump itself is strange, as it has some formatting issues that would be incompatible with SQL – meaning it cannot be restored into a local database for easier analysis,” the CyberNews researchers said.
Additionally, IntelBroker has claimed a number of government data breaches before, including breaches of the Department of Defense, the US Army and the US Immigration and Customs Enforcement (ICE).
There is no way to confirm this, but the most recent leak could be connected to the earlier attacks.
There is, however, some crossover between the data in the most recent leak and that shared in the USCIS/ICE leak.