Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Zscaler launches investigation after IntelBroker claims cyber attack

Cloud cyber security company Zscaler has taken one of its systems offline after rumours of a cyber attack on its systems spread online.

user icon Daniel Croft
Fri, 10 May 2024
Zscaler launches investigation after IntelBroker claims cyber attack
expand image

The company first noted on 8 May that a threat actor had claimed, on X (formerly Twitter), to have exfiltrated unauthorised data.

============
============

The threat actor in question was the notorious IntelBroker, who posted on BreachForums that he was selling access to a “large Cybersecurity company” for US$20,000.

According to the post, access includes:

“- Confidential and highly critical logs packed with credentials

“- SMTP Access

“- PAuth Pointer Auth Access

“- SSL Passkeys & SSL Certificates

“- some others (will be on contact).”

IntelBroker added that Zscaler’s annual revenue was US$1.8 billion.

On news of the incident, Zscaler posted a security update announcing that it was launching an investigation.

“There is an ongoing investigation we initiated immediately after learning about the claims. We take every potential threat and claim very seriously and will continue our rigorous investigation,” the company wrote, despite initially dismissing the claims.

As part of the investigation, Zscaler said it discovered an “isolated test environment on a single server (without any customer data) which was exposed to the internet”, which was promptly taken down.

“The test environment was not hosted on Zscaler infrastructure and had no connectivity to Zscaler’s environments,” it said.

The company added that it was able to confirm that its customer, production and corporate environments suffered no impact as a result of the incident. The next day, it also engaged a “reputable incident response firm”.

Additionally, as reported by CSO Online, a Zscaler employee also said the claims of the attack were “completely inaccurate and unfounded”.

“We regularly see attempted attacks and rumours circulating, but it is crucial to rely only on official communications from Zscaler itself to get factual updates and information,” the employee said.

That being said, a number of users on X claim that the breach is confirmed, including @DarkWebInformer who has a reputation for sharing information on breaches.

Additionally, another user by the name of James H (@milkshakesbot) said he had seen IntelBroker discussing the breach in shoutbox, confirming that IntelBroker’s post was refering to Zscaler.

This is a developing story. Cyber Daily will provide an update as new information is discovered.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.