Threat actors claim to have accessed IBM’s network, exfiltrating employee data and publishing it on a popular threat forum.
Notorious threat actor 888 listed IBM online, claiming to have breached its network and “improperly accessed 17.5K rows” of data belonging to current and former employees.
“The data was managed by a third party which includes First Names along with some Full Names, Mobile Numbers and Country Codes of current and former IBM employees,” wrote 888.
The threat actor, 888, also provided a sample of the data allegedly exfiltrated, which contains a list of first names and mobile numbers, all with the country code “91” for India. It is unclear whether the claimed breach affected only staff in India or whether other countries were involved.
Cyber Daily contacted IBM for more information, but the company refused to comment on the matter.
A member of the Cyber N—--s threat group run by infamous leaker IntelBroker, 888 has claimed breaches of a number of major companies in the past, including Shell, Heineken, Accenture, Shopify and Microsoft ANZ.
However, 888’s reputation for authentic data leaks has come into question in the past after a number of the companies listed above confirmed that the data breaches were fake or exaggerated.
Accenture in June said that 888’s data leak claims were false, with only three affected rather than the 32,000 listed, while Shopify denied the hack ever happening.
Microsoft also confirmed that no sensitive data was compromised in its alleged data breach.
The rest of the Cyber N—--s threat group, however, has a better reputation.
Most recently, IntelBroker claimed a major supply chain attack on Cisco, stealing large amounts of data belonging to it and its customers.
Data allegedly includes “Github projects, Gitlab Projects, SonarQube projects, source code, hard-coded credentials, certificates, customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!”
IntelBroker listed a handful of companies that allegedly “had their production source codes taken”, including Vodafone Australia, National Australia Bank (NAB), Microsoft, Bank of America, AT&T, and more. Cyber Daily has not been able to verify these claims.
The threat actor also provided a full list of customers, which includes more companies from Australia and around the globe, including Allianz (Accenture), Australian Red Cross Blood Service, Ascension Health, Reserve Bank of Australia, the Australian Department of Defence, NSW Health, NSW Rural Fire Service, Queensland Health, Rio Tinto, EU Parliament, Fairfax Media, FBI, Google, Samsung, IBM, KPMG, US Ministry of Defence, and hundreds more.
It is unclear whether the companies in this list have been affected by the cyber attack or whether the list is simply Cisco’s customers. However, the Australian Red Cross Blood Service, which was only listed as a customer, appeared in the sample data.