Hacker using the alias 888, claims to be selling Samsung Medison data taken through a third party breach, including internal files, keys and user info.

A hacker using the alias 888 on a cybercrime forum is offering internal records and data they claim belong to **Samsung**. In a post dated 13 November 2025, the hacker says the breach came from an attack on a third-party contractor, giving them access to data from several companies, including Samsung.

The hacker says the files include source code, private keys, SMTP credentials, configuration files, hardcoded credentials and user PII taken from a healthcare backup. The post also lists access to MSSQL and AWS S3. In a note, the hacker adds that the MSSQL and AWS S3 data were already exported and dumped, and that the access itself was an extra item they were offering.

While the exact size of the data remains unclear, it is being offered as a one-time sale, with the hacker asking interested buyers to submit offers through Keybase. Payment is in XMR, the privacy-focused cryptocurrency also known as Monero.

****Alleged Samsung Medison Data****

The screenshots shared by the hacker were analysed by Hackread.com and show what appears to be backend database content and cloud storage data from a Samsung Medison healthcare environment, including SQL tables, user/employee records, internal logs and exported cloud directories.

Screenshot from the hacker’s post (Image credit: Hackread.com)

**Samsung Medison Co., Ltd** is a South Korean medical device company owned by Samsung. It focuses on ultrasound systems and other medical imaging technologies used in hospitals and clinics.

Hackread.com has contacted Samsung for comment, and only the company can confirm or deny the material. If the files turn out to be real, the situation raises a clear privacy and security threat because the data shown includes names, emails, country details, SQL records and cloud logs tied to a healthcare setting. This type of information can be misused for targeting, intrusion or follow-up attacks.

The same hacker has a long record of breaches and leaks going back to the days of the now-closed Breach Forums. **In July 2024**, they released thousands of employee records tied to Microsoft and Nokia.

Hacker Selling Alleged Samsung Medison Data Stolen In 3rd Party Breach

The security landscape now moves at a pace no patch cycle can match. Attackers aren’t waiting for quarterly updates or monthly fixes—they adapt within hours, blending fresh techniques with old, forgotten flaws to create new openings. A vulnerability closed yesterday can become the blueprint for tomorrow’s breach.
This week’s recap explores the trends driving that constant churn: how threat

⚡ Weekly Recap: Chrome 0-Day, AI Hacking Tools, DDR5 Bit-Flips, npm Worm & More

Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your company's encryption overnight, exposing your most sensitive data, rendering much of it untrustworthy.
And with your

Cyber Resilience / Webinar

Quantum computing and AI working together will bring incredible opportunities. Together, the technologies will help us extend innovation further and faster than ever before. But, imagine the flip side, waking up to news that hackers have used a quantum computer to crack your company's encryption overnight, exposing your most sensitive data, rendering much of it untrustworthy.

And with your sensitive data exposed, where does that leave trust from your customers? And the cost to mitigate - if that is even possible with your outdated pre-quantum systems? According to IBM, cyber breaches are already hitting businesses with an average of $4.44 million per incident, and as high as $10.22 million in the US, but with quantum and AI working simultaneously, experts warn it could go much higher.

In 2025, nearly two-thirds of organizations see quantum computing as the biggest cybersecurity threat looming in the next 3-5 years, while 93% of security leaders are prepping for daily AI-driven attacks. If you're in tech, finance, healthcare, or any field handling big data, this isn't sci-fi—it's the storm brewing right now.

But what if you could get ahead of it? Build reliable systems with multiple layers of protection that keep your operations rock-solid? That's what our upcoming webinar, "Building Trust and Resilience for the AI and Quantum 2.0 Era," is all about.

It's a panel of top experts diving into the world where quantum meets AI, and how to make your infrastructure unbreakable. Happening soon—don't miss out. Sign up for the Webinar now and secure your spot today!

**The Risk Hiding in Quantum and AI Advances**

Let's keep it real: Quantum 2.0 is exploding with cool stuff like super-fast computing, entanglement for instant communication, and sensors that see the unseen. Throw AI into the mix, and it's optimizing and analyzing everything from quantum systems to drug discovery to evolving everyday tech. Sounds awesome, right? But here's the flip side—these technology breakthroughs are also widening the door for cyber bad guys.

Quantum computers could render much of today's encryption useless, while AI makes attacks smarter and faster. Experts warn that AI-powered attacks are already growing in sophistication, and many security leaders believe quantum computing will dramatically increase future risks.

I've heard from pros in the field sharing nightmare stories: AI-driven phishing fools 60% of folks, just like old-school tricks, but now it's GenAI making fakes that look too real. And quantum? It's not decades away—threats like "harvest now, decrypt later" mean attackers are grabbing encrypted data today, waiting for quantum tech to unlock it. Without the right defenses, sectors like finance and healthcare could face chaos, losing data integrity and facing massive fines.

The good news? Solutions are available now that can protect you for Q-day and today.

**What You'll Walk Away With: Simple Steps to Build Resilience**

In this lively 60-minute panel, you'll hear from rockstar experts who've been shaping this space. They'll break down the hype and hand you practical ways to protect your world. No jargon overload—just straight talk on breakthroughs and how to turn them into your advantage.

Here's a taste of what they'll cover:

1.  **The Buzz on Quantum 2.0**: Get the lowdown on how quantum computing, sensing, and comms are changing the game—and how AI supercharges it all for smarter systems.
2.  **Why AI and Quantum Need to Play Nice with Security**: Learn why crypto-resilient setups are a must, with tips on aligning innovations without leaving weak spots.
3.  **Tackling Risks in This New World**: Dive into managing threats in AI-quantum mashups, including how to spot and stop emerging dangers before they hit.
4.  **Tailored Fixes for Your Industry**: Whether you're in finance, healthcare, or critical infra, grab strategies customized for high-stakes data protection.
5.  **Your Roadmap from Start to Finish**: Walk through planning, consulting, rollout, and ongoing services to make resilience a reality.
6.  **What Leaders Need to Do Right Now**: Key moves for bosses to lock in long-term security and keep things running smoothly.

Watch this Webinar Now

**Meet the Experts**

*   **Dr. Michael Eggleston**, Data & Devices Group Leader, Nokia Bell Labs: Leading advances in quantum tech and sensing.
*   **Dr. Michele Mosca**, Co-founder, evolutionQ & Programme Chair of the ETSI-IQC Quantum-Safe Cryptography Conference: Pioneer in quantum-safe crypto.
*   **Donna Dodson**, Former Chief Cybersecurity Advisor, NIST: Innovator in government cybersecurity.
*   **Bill Genovese**, CIO Advisory Partner, Global Quantum Services & Consulting Leader, Kyndryl: Strategist in emerging tech like quantum and AI.
*   **Martin Charbonneau**, Head of Quantum-Safe Networks, Nokia: Expert in securing networks against quantum threats.

Ready to arm yourself with these insights? Sign up for the Webinar now and join the conversation.

With quantum threats ramping up, adversaries using AI for slicker attacks—and reports like the Global Cybersecurity Outlook warning that 47% of orgs fear GenAI-boosted bad guys, waiting it out isn't an option. Cyber resilience and agility isn't just nice-to-have; it's urgent, as quantum tech could reshape cryptography and pose risks sooner than we think. This webinar isn't fluff—it's your shield for the AI-quantum era, blending innovation with rock-hard resilience.

Seats fill up fast, it's a quick win for huge peace of mind.

Save your seat now – See you there!

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

From Quantum Hacks to AI Defenses – Expert Guide to Building Unbreakable Cyber Resilience

FBI tracked IntelBroker as UK’s Kai West using an email address, crypto trails, YouTube activity and forum posts after dozens of high-profile data breaches and darknet activity.

Authorities in the United States have charged a British national, Kai Logan West, widely known online as “**IntelBroker**“, with a series of high-profile data breaches that collectively caused at least $25 million in damages to companies worldwide. The 23-year-old was arrested in France in February 2025 and now faces extradition to the United States to stand trial in the Southern District of New York.

As **reported** by Hackread.com, IntelBroker’s arrest was followed by several others, including four individuals linked to the ShinyHunters hacker group. Both IntelBroker and members of ShinyHunters were **involved** in administering and moderating the cybercrime and data breach forum BreachForums.

The **unsealed complaint** (PDF), dated February 2025, lays bare the FBI’s two-year investigation into West’s cybercrime operations, connecting him to dozens of data breaches, sales of stolen data, and the leadership of a hacking collective operating on clear and dark web forums.

****Who Is IntelBroker?****

Using aliases like “IntelBroker” and “Kyle Northern”, West built a reputation on a clear and dark web forum known in the indictment as “Forum‑1” ( BreachForums). Operating under the banner of a hacking crew called CyberN (formerly “The Boys”), IntelBroker offered hacked databases from government agencies, healthcare providers, telecommunications firms, and internet service providers.

Between 2023 and early 2025, West authored at least 158 threads offering stolen data on Forum‑1, with 41 of them involving US companies. The FBI notes that at least $2 million worth of **Monero cryptocurrency** was solicited for the stolen information.

In 2024, IntelBroker was listed as the “owner” of Forum‑1, and his fame skyrocketed as he gave away some data leaks for free to boost credibility, gather a following, and attract buyers.

****How the FBI Tracked Down IntelBroker****

What West didn’t know was that FBI agents were watching closely. The bureau deployed undercover officers posing as buyers on Forum‑1. On at least two occasions, agents purchased stolen data directly from IntelBroker.

In January 2023, one agent bought an API key and login credentials for a company dubbed “Victim‑7.” Although the credentials were limited in value, the transaction became a key element in tracking his identity when IntelBroker asked for payment in Bitcoin (instead of Monero) and provided a wallet address that could be traced on the blockchain.

FBI blockchain analysts followed the money and found that:

*   The Bitcoin wallet used for the transaction had been seeded from another wallet linked to an account on a financial platform called Ramp.
*   That Ramp account was registered using a UK provisional driving license issued to Kai Logan West.
*   The same identity, Kai West, also owned a Coinbase account under the alias Kyle Northern, but with KYC verification; confirming it was the same individual.

Provisional driving licence of Kai West (Image via US Justice Department complaint)

Further connecting the dots, both accounts were linked to a Gmail address used by West for personal matters, including:

*   Cloud-stored selfies
*   Receipts and ID documents
*   UK University Housing and Tuition communications
*   Videos showcasing networking tools like “GPRS Smash”

The email also included a student certificate showing West was enrolled in a Cyber Security program.

****Online Footprints and Forum Activity****

West didn’t just transact carelessly, he also exposed himself by linking his online activity to personal behaviour. His IntelBroker posts on Forum‑1 often referenced YouTube videos that he had just viewed from his personal email account, and he regularly updated his signature block to list members of his hacking group, which made it easier to trace his involvement across multiple threads.

When Forum‑1 was **seized and shut down in 2024** and relaunched, all old posts inherited the updated signature, creating a consistent trail of West’s activity and affiliations dating back to early 2023.

One of the YouTube videos posted by IntelBroker on BreachForums (Image via US Justice Department complaint)

****The Victim List: Telecoms, Healthcare, ISPs****

The indictment outlines at least six victims, referred to only as Victim‑1 through Victim‑6. Victim‑1, a telecom provider, had data exfiltrated and deleted from a hosting server in Manhattan, resulting in damage estimated in the hundreds of thousands.

Victim‑3, a municipal healthcare provider, had the personal and health data of over 56,000 individuals stolen, which West later sold to an undercover FBI agent for $1,000 in Monero. Victim‑6, an internet service provider, was compromised using information from previous leaks to breach an internal server.

In each case, West publicly offered proof samples, negotiated sales via private messages, and accepted only Monero to maintain anonymity, though the paper trail caught up.

However, since Hackread.com exclusively reported on IntelBroker’s data breaches, here is a comprehensive list of data breaches and leaks claimed by the hacker:

Here is the list sorted from shortest to longest by character count:

1.  **AMD**
2.  **Apple**
3.  **Cisco**
4.  **Nokia**
5.  **US DoD**
6.  **Europol**
7.  **T-Mobile**
8.  **Robert Half**
9.  **Space Eyes**
10.  **Home Depot**
11.  **Tech in Asia**
12.  **General Electric**
13.  **LA Intl. Airport**
14.  **HSBC & Barclays Bank**
15.  **Facebook Marketplace**
16.  **Weee! Grocery Service**
17.  **UAE’s Lulu Hypermarket**
18.  **US Federal Contractor Acuity**
19.  **Hewlett Packard Enterprise (HPE)**
20.  **MIT Technology Review Magazine**
21.  **An unnamed but “Top” Cybersecurity Firm**

****Criminal Charges****

West has been charged with four federal offences:

1.  Wire fraud
2.  Conspiracy to commit wire fraud
3.  Conspiracy to commit computer intrusions
4.  Accessing a protected computer to defraud and obtain value

Each carries the potential for several years in prison, particularly when involving health data or affecting critical infrastructure.

The FBI’s Special Agent Carson Hughes and US Attorney Jay Clayton emphasized the global reach and danger of IntelBroker’s operations. The FBI called the case “a warning” to cybercriminals who believe online anonymity shields them from consequences.

****Did IntelBroker Work for the UK’s National Crime Agency?****

Kai West presented himself professionally as a cybersecurity researcher and operated under two separate identities on LinkedIn, one as Kyle Northern and the other as K West. This was first flagged by **Nathaniel Fried**, Co-founder and CEO at 0xbowio, who shared details of West’s dual profiles with Hackread.com.

Notably, the Kyle Northern profile claimed he worked as a Security Researcher Trainee at the UK’s National Crime Agency (NCA) from September to October 2019. If accurate, this role could have involved access to classified systems, as the NCA deals with serious organized crime and national security. While the NCA affiliation remains unverified, West’s claimed background in cybersecurity and his academic path suggest the possibility shouldn’t be dismissed outright.

Kai Logan West on LinkedIn (Screenshot credit: Hackread.com)

West remains in French custody, and US officials are actively **seeking** extradition. If convicted, he could face decades behind bars. Meanwhile, Forum‑1 has been offline since April 2025, **reportedly** due to a MyBB zero-day vulnerability. Many of its members have since migrated to other platforms, including DarkForums and the Russian-language cybercrime forum XSS.

The exposure of IntelBroker stands out as a major cybercrime takedown. What made it possible was a mix of undercover FBI work, cryptocurrency tracking, and even old-school email evidence, all of which helped track one of the most well-known figures on cybercrime forums.

How an Email, Crypto Wallet and YouTube Activity Led the FBI to IntelBroker

Eleven11bot infects webcams and video recorders, with a large concentration in the US.

A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said.

The botnet, tracked under the name Eleven11bot, first came to light in late February when researchers inside Nokia’s Deepfield Emergency Response Team observed large numbers of geographically dispersed IP addresses delivering “hyper-volumetric attacks.” Eleven11bot has been delivering large-scale attacks ever since.

Volumetric DDoSes shut down services by consuming all available bandwidth either inside the targeted network or its connection to the Internet. This approach works differently than exhaustion DDoSes, which over-exert the computing resources of a server. Hypervolumetric attacks are volumetric DDoses that deliver staggering amounts of data, typically measured in the terabits per second.

**Johnny-Come-Lately Botnet Sets a New Record**

At 30,000 devices, the Eleven11bot was already exceptionally large (although some botnets exceed well over 100,000 devices). Most of the IP addresses participating, Nokia researcher Jérôme Meyer told me, had never been seen engaging in DDoS attacks.

Besides a 30,000-node botnet seeming to appear overnight, another salient feature of Eleven11bot is the record-size volume of data it sends its targets. The largest one Nokia has seen from Eleven11bot so far occurred on February 27 and peaked at about 6.5 terabits per second. The previous record for a volumetric attack was reported in January at 5.6 Tbps.

"Eleven11bot has targeted diverse sectors, including communications service providers and gaming hosting infrastructure, leveraging a variety of attack vectors," Meyer wrote. While in some cases the attacks are based on the volume of data, others focus on flooding a connection with more data packets than a connection can handle, with numbers ranging from a "few hundred thousand to several hundred million packets per second." Service degradation caused in some attacks has lasted multiple days, with some remaining ongoing as of the time this post went live.

A breakdown showed that the largest concentration of IP addresses, at 24.4 percent, was located in the US. Taiwan was next at 17.7 percent, and the UK at 6.5 percent.

In an online interview, Meyer made the following points:

> *   This botnet is much larger than what we're used to seeing in DDoS attacks (the only precedent I have in mind is an attack from 2022 right after the Ukraine invasion, at ~60k bots, but not public).
> *   The vast majority of its IPs were not involved in DDoS attacks prior to last week.
> *   Most of the IPs are security cameras (Censys thinks Hisilicon, I saw multiple sources talk to a Hikvision NVR too so that is a possibility but not my area of expertise).
> *   Partly because the botnet is larger than average, the attack size is also larger than average.

According to a post updated on Wednesday from security firm Greynoise, Eleven11bot is most likely a variant of Mirai, a family of malware for infecting webcams and other Internet of Things devices. Mirai debuted in 2016, when tens of thousands of IoT devices infected by it delivered what at the time were record-setting DDoSes of about 1 Tbps and took down security news site KrebsOnSecurity for almost a week. Shortly after that, Mirai developers published their source code in a move that made it easy for copycats everywhere to deliver the same massive attacks. Greynoise said that the variant driving Eleven11bot is using a single new exploit to infect TVT-NVMS 9000 digital video recorders that run on HiSilicon chips.

There have been conflicting reports on the number of devices comprising Eleven11bot. Following Nokia's report last Saturday of roughly 30,000 devices, the nonprofit Shadowserver Foundation said Tuesday that the true size was more than 86,000. Then in Wednesday's update, Greynoise said that based on data from fellow security firm Censys, both numbers were inflated and the true number was likely fewer than 5,000.

The upward revision from Shadowserver was likely the result of the belief that all infected devices displayed unique device information. That suspicion now appears to be incorrect. Instead, Meyer believes the information seen on infected devices is displayed on all such hardware, whether infected or not. Researchers from Greynoise and Censys weren't immediately available to explain how they arrived at the much lower estimate of fewer than 5,000.

Meyer said that he has consistently observed as many as 20,000 to 30,000 IP addresses participating in follow-on attacks, although many attacks come from much smaller subsets. He said that he has since sent a list of all 30,000 or so IP addresses he has observed to Censys and plans to also send them to Shadowserver soon in hopes of getting consensus on the true size.

"I am still confident on the estimated count as this is what we keep seeing in attacks and after human review of the source IPs," he wrote.

Mirai-based botnets employ various methods for infecting their targets. One common method is to attempt to log in to device administrator accounts using username/password pairs commonly set as defaults by manufacturers. Mirai botnets have also been known to exploit vulnerabilities that bypass security settings.

In any case, anyone running any sort of IoT devices should position them behind a router or other form of firewall so they're not visible from outside a local network. Remote administration from outside the Internet should be enabled only when needed. Users should also ensure each device is protected by a strong unique password. Last, devices should be updated as soon as security patches become available.

_This story originally appeared on_ _Ars Technica._

A Brand-New Botnet Is Delivering Record-Size DDoS Attacks

The company reports that it is not experiencing any operational issues within its business, so far.

Source: JHVEPhoto via Alamy Stock Photo

NEWS BRIEF

Hewlett Packard Enterprise (HPE) is conducting an investigation after a threat actor said it had stolen data from the company's network.

IntelBroker, a cyberattack group that has been active since at least 2022, claimed responsibility for the breach on the BreachForums underground forum, alleging that it had access to the company's API, WePay, private and public GitHub repositories, Zerto and iLO source code, old user information, and more.

Previously, IntelBroker claimed to have breached organizations such as AMD, Europol, Cisco, Nokia, and others, and its members have served in leadership positions at BreachForums.

And this isn't the first time HPE has faced breaches at the hands of malicious actors. In 2018, APT10 hackers reportedly compromised some HPE systems, hacking into customer devices; and in 2021, its Aruba Central network monitoring platform was breached, allowing threat actors to access data regarding monitored devices.

As HPE investigates the most recent data breach claims, it remains unclear if there is any truth to them, and, if so, how the breach occurred.

"HPE became aware on Jan. 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE," an HPE spokesperson tells Dark Reading. "HPE immediately activated our cyber-response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims."

HPE also reported that there is no evidence that customer information was involved, and currently no operational impact to the business.

**About the Author**

Skilled writer and editor covering cybersecurity for Dark Reading.

HPE Investigates After Alleged Data Breach

Hacker IntelBroker claims to have breached Hewlett Packard Enterprise (HPE), exposing sensitive data like source code, certificates, and…

Hacker IntelBroker claims to have breached Hewlett Packard Enterprise (HPE), exposing sensitive data like source code, certificates, and PII, now available for sale online.

The notorious IntelBroker hacker along with their associates have claimed responsibility for breaching Hewlett Packard Enterprise (**HPE**), a Houston, TX, United States-based global company that provides technology solutions to businesses.

The hacker, who was previously linked to several high-profile data breaches, is now selling the allegedly stolen data, demanding payment in Monero (XML) cryptocurrency to remain anonymous and untraceable.

This was revealed to Hackread.com by the hacker himself and later announced on Breach Forums, a cybercrime and data breach forum administered by the hacker. In an exclusive conversation with Hackread.com, IntelBroker claimed that the breach was the result of a direct attack on HPE’s infrastructure and did not involve compromising a third party for access, as has been **common in recent attacks**.

****What’s in the Allegedly Stolen Data?****

IntelBroker also shared a data tree and two screenshots allegedly taken from the company’s internal infrastructure. The data tree, analyzed by Hackread.com, appears to reference a development or system environment involving both open-source software and proprietary package management systems.

Additionally, the hacker claims to have extracted sensitive data, including source code, private GitHub repositories, Docker builds, certificates (both private and public keys), product source code belonging to Zerto and iLO, user data such as old PII related to deliveries, and access to APIs, WePay, self-hosted GitHub repositories, and more.

IntelBroker on Breach Forums claiming Hewlett Packard Enterprise (HPE) breach Credit: Hackread.com

During Hackread.com’s initial analysis of the alleged data tree, several findings align with the hacker’s claims. The directory structure includes private keys and certificates, such as ca-signed.key and hpe_trusted_certificates.pem, suggesting possible exposure to sensitive cryptographic material.

Source code for HPE products like iLO and Zerto is present, with files such as ilo_client.py and zerto_bootstrapper.py hinting at leaked proprietary implementations. References to .github directories and .tar archives for private repositories further point to compromised development assets.

Additionally, the presence of files like VMW-esx-7.0.0-hpe-zertoreplication.zip and ZertoRunner.exe suggests the possible leak of compiled software packages and deployment files. If verified by HP, this could be a major security incident.

The following image combines two screenshots shared by the hacker, providing detailed insights into Hewlett Packard Enterprise’s internal systems. The first screenshot shared by the hacker shows details of Hewlett Packard Enterprise’s internal SignonService web service. The image displays the service’s endpoint address, WSDL link, and implementation class, potentially exposing sensitive infrastructure information.

The second screenshot reveals sensitive configuration details from Hewlett Packard Enterprise’s internal systems. The image exposes credentials for Salesforce and QIDs integrations, internal URLs for SAP S/4 HANA quoting services, and placeholder email addresses for error logging, potentially highlighting serious security vulnerabilities within HPE’s infrastructure.”

Credit: Hackread.com

****HPE and HP, What’s the Difference?****

While the names Hewlett-Packard Enterprise (HPE) and HP Inc. are often used interchangeably, they are two different companies with different focuses. In 2015, Hewlett-Packard **split** into two separate entities. HP Inc. continues to specialize in consumer products like laptops, desktops, and printers, while Hewlett-Packard Enterprise (HPE) focuses on providing enterprise-level IT solutions, including servers, storage, networking, and cloud computing.

Both companies are separate with independent ownership and management. The mention of this distinction is important, as the reported breach specifically targets HPE, not HP Inc.

****Right After the CICSO Incident****

Intel Broker is known for high-profile data breaches. In October 2024, the hacker announced **breaching Cisco** and stealing terabytes of data. Cisco later confirmed that the stolen data originated from a misconfigured, public-facing DevHub resource exposed without password protection, allowing hackers to download it.

In November 2024, the hackers claimed to have **breached Nokia** through a third-party contractor. The data was being sold for $20,000. The same hackers boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

_This is a developing story. Hackread.com is closely monitoring the situation and will provide updates as new information becomes available. Stay tuned for further details._

1.  **Hacker Leak Over 10,000 DELL Employee Details**
2.  **Acer Data Breach: Hacker Sells 160GB of Stolen Data**
3.  **Dell Discloses Data Breach As Hacker Sells 49M User Data**
4.  **3 Billion National Public Data Records with SSNs Dumped Online**
5.  **Trello Data Breach: Hacker Dumps Personal Info of Millions of Users**
6.  **Hackers Steal Call and Text Records for “Nearly All” AT&T Customers  
    **

Hackers Claim Breach of Hewlett Packard Enterprise, Lists Data for Sale

IN THIS ARTICLE: Hackers have released what they claim to be the second batch of data stolen in…

****IN THIS ARTICLE:****

*   **Hackers’ Claims:** IntelBroker released a second batch of extracted Cisco data, amounting to 4.84 GB, from the October 2024 breach, claiming it is part of a 4.5 TB trove.

*   **Leaked Data Contents:** The data includes sensitive files such as software artifacts, network configurations, testing logs, cloud server images, and cryptographic signatures, exposing intellectual property and operational insights.

*   **Misconfigured Resource Exploitation:** The data originated from a misconfigured, public-facing DevHub resource left exposed without password protection, allowing hackers to download it.

*   **Cisco’s Response:** Cisco acknowledged the incident, stated public access was disabled, and confirmed no servers were breached or sensitive data compromised, though hackers contest this claim.

*   **IntelBroker’s Track Record:** The hacker, known for breaching Apple, AMD, Europol, and others, highlights ongoing exploitation of misconfigured systems, a persistent issue in cybersecurity.

Hackers have released what they claim to be the second batch of data stolen in the alleged Cisco data incident from October 2024. According to **IntelBroker**, the hacker behind the breach, the latest leak, published on Christmas Eve on Breach Forums, contains 4.84 GB of data, part of an allegedly stolen 4.5 TB.

IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

As seen by Hackread.com, the leaked data includes a trove of sensitive files, such as proprietary software development artifacts like Java binaries, source code, and application archives; network-related files including Cisco XRv9K virtual router images and configurations; testing logs and scripts; operational data such as Zero Touch Provisioning (ZTP) logs and packages; cloud server disk images; and cryptographic signatures for payment SDKs like Weixin Pay.

Additionally, the leak contains configuration files, internal project archives, and other miscellaneous documents, potentially exposing intellectual property, network configurations, and operational insights.

File tree shared by IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

****Background****

Notably, the leaked data originates from a misconfigured, public-facing DevHub resource that Cisco reportedly left exposed without password protection or security authentication, enabling the hackers to download the entire dataset **in October 2024.**

IntelBroker who accessed the misconfigured server claims they managed to extract 4.5TB of information. The first part of the data leak, which included 2.9 GB of files, was **published on December 17, 2024**.

****Cisco’s Response****

Cisco **acknowledged** (PDF) the October 2024 incident and stated that public access was disabled. The company also confirmed that none of its servers were breached and no sensitive data was compromised. However, the hackers claim otherwise, particularly regarding the extracted data.

Regarding the latest leak, Cisco noted on its incident response page that it is aware of the claims made by IntelBroker, asserting that the data published this time also stems from the October 14, 2024, incident.

> _“On Wednesday, December 25, 2024, at 17:07 EST, the threat actor IntelBroker posted on X about releasing more data. At 17:40 EST, IntelBroker released 4.45 GB of data for free on BreachForums. We have analyzed the post data, and it aligns with the known data set from October 14, 2024.”_  
> 
> Cisco

****Intel Broker and Previous Breaches****

Intel Broker is known for high-profile data breaches. **In June 2024**, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

**In May 2024**, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **Staffing giant Robert Half**
*   **U.S. contractor Acuity Inc.**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Nevertheless, the partial leak goes on to show ongoing exploitation of misconfigured systems and exposed data. The scale of exploitation is evident, as even high-profile hackers like ShinyHunters and Nemesis **have targeted** misconfigured servers and S3 buckets.

1.  **IntelBroker Claim Access to Nokia Internal Data, Selling for $20K**
2.  **Europol Hacked: IntelBroker Claims Major Law Enforcement Breach**
3.  **IntelBroker Space-Eyes Breach, Targeting US National Security Data**
4.  **IntelBroker Claims Breach of Top Cybersecurity Firm, Selling Access**
5.  **AMD Data Breach: IntelBroker Claims Theft of Employee, Product Info**

Hackers Release Second Batch of Stolen Cisco Data

Yet another day, yet another data leak tied to Cisco!

****SUMMARY:****

*   **Partial Data Leak**: Hackers leaked 2.9GB of Cisco’s data on _Breach Forums_ on December 16, 2024.

*   **Exposed Records**: The leaked data is part of a 4.5TB dataset that was allegedly left unprotected by Cisco in October 2024.

*   **Previous Incident**: IntelBroker previously claimed responsibility for accessing the exposed data and attempted to sell it, including sensitive information from companies like Verizon, AT&T, and Microsoft.

*   **Cisco’s Response**: Cisco previously denied any compromise of core systems, attributing the issue to a misconfigured public-facing DevHub resource.

*   **Proof of Legitimacy**: IntelBroker released this partial leak to demonstrate the validity of their claims and attract buyers for the remaining data.

**RIBridges Breach**: Hackers infiltrated Rhode Island’s health and benefits system, demanding ransom and threatening to leak sensitive data.

On Monday, December 16, 2024, hackers leaked what they referred to as “partial data” belonging to technology and cybersecurity giant Cisco. The leak occurred on the cybercrime and data breach platform Breach Forums, where IntelBroker, a notorious hacker and the forum’s owner, released 2.9 GB of data for download.

****Important Background****

The leaked data is part of the 4.5TB content that hackers claim was left exposed by Cisco without any password protection or security authentication, allowing them to download the entire dataset in October 2024.

Hackread.com exclusively reported on the incident on October 14, 2024, when IntelBroker attempted to sell the data, which allegedly included source codes, confidential documents, and credentials belonging to global firms like Verizon, AT&T, Microsoft, and others.

At the time, Cisco did not respond to Hackread.com but denied any compromise of their core systems, attributing the incident to a misconfigured public-facing DevHub resource. However, IntelBroker maintained they had access until October 18 and provided evidence to Hackread.com showing they exploited an exposed token for JFrog, a software supply chain platform, to access the exposed content.

****What’s in the Leaked Data?****

This time, IntelBroker has leaked a portion of the data in an attempt to prove its legitimacy to potential buyers. “Hopefully, this proves the legitimacy of the breach to others wanting to buy the full version,” the hacker stated.

The 2.9GB leak reportedly contains the following:

*   **Cisco ISE (Identity Services Engine)**: A security policy platform that provides secure network access control and identity management.

*   **Cisco SASE (Secure Access Service Edge)**: A cloud-delivered solution that combines networking and security functions for secure access from anywhere.

*   **Cisco Webex**: A collaboration platform offering video conferencing, messaging, and calling solutions for teams and businesses.

*   **Cisco Umbrella**: A cloud-based DNS security solution that protects users from threats by securing internet access and blocking malicious domains.

*   **Cisco IOS XE & XR**: Network operating systems used in Cisco routers and switches, enabling advanced networking, automation, and programmability.

*   **Cisco C9800-SW-iosxe-wlc.16.11.01**: A software-based Wireless LAN Controller (WLC) image that manages and controls wireless networks running on Cisco Catalyst 9800 Series platforms.

Here’s a screenshot from Breach Forums showing what the hackers have leaked and the claims they are making:

IntelBroker on Breach Forums (Screenshot credit: Hackread.com)

****Intel Broker and Previous Breaches****

Intel Broker is known for high-profile data breaches. **In June 2024**, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

**In May 2024**, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **Staffing giant Robert Half**
*   **U.S. contractor Acuity Inc.**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Nevertheless, the partial leak goes on to show ongoing exploitation of misconfigured systems and exposed data. The scale of exploitation is evident, as even high-profile hackers like ShinyHunters and Nemesis **have targeted** misconfigured servers and S3 buckets.

While Cisco has yet to respond to this latest development, IntelBroker’s actions also show how such incidents can escalate into extortion attempts. Whether the remaining 4.5TB dataset will be sold, leaked, or resolved remains to be seen, but it’s a reminder for organizations to maintain their security practices and protect sensitive data.

1.  IntelBroker Claim Access to Nokia Internal Data, Selling for $20K
2.  Europol Hacked: IntelBroker Claims Major Law Enforcement Breach
3.  IntelBroker Space-Eyes Breach, Targeting US National Security Data
4.  IntelBroker Claims Breach of Top Cybersecurity Firm, Selling Access
5.  AMD Data Breach: IntelBroker Claims Theft of Employee, Product Info

Hackers Leak Partial Cisco Data from 4.5TB of Exposed Records

A massive data leak linked to the MOVEit vulnerability has exposed millions of employee records from major companies. Learn about the impact of this leak, the role of the "data vigilante" Nam3L3ss.

****SUMMARY****

*   **MOVEit Flaw and Data Leak**: Data stolen during the MOVEit hack spree is still creating issues for companies.

*   **Nam3L3ss and the Leaks:** A self-proclaimed “data vigilante” named Nam3L3ss has leaked over 760,000 employee records from 27 major companies, including Bank of America, and Nokia + Jll.com’s database containing 12 million rows taking the total number to 13.12 million.

*   **Leaked Data Content:** Leaked data includes sensitive and non-sensitive information such as names, emails, phone numbers, addresses, and company location coordinates.

*   **Cl0p Ransomware Link:** Originally, the data was stolen by the Cl0p ransomware gang after exploiting the MOVEit flaw, while Nam3L3ss is cleaning and leaking the data.

A self-proclaimed “Data Vigilante” named Nam3L3ss has once again caused widespread concern by leaking millions of employee records online, highlighting the fallout from the major security vulnerability in file transfer software called MOVEit.

As seen by Hackread.com, Nam3L3ss has released the information of over 760,000 employees of major organizations on a popular hacking forum ‘BreachForums’ on Monday morning. The leak additionally includes the Jones Lang LaSalle Incorporated (JLL.com) database, containing over 12 million data rows, bringing the total number of leaked records to 13.12 million.

Nam3L3ss on Breach Forums leaking the Bank of America employee data (Source: Hackread.com)

****The MOVEit Mess****

The MOVEit vulnerability was identified in Progress Software’s file transfer tool in 2023 allowing threat actors unauthorized access to sensitive data. Hackers affiliated with the Cl0p ransomware gang exploited this vulnerability and stole information from thousands of companies, impacting an estimated 2,800 organizations and nearly 100 million individuals. They even created clear web websites to leak the stolen data in July 2024.

****Nam3L3ss Leaks Millions****

In November 2024, as reported by Hackread.com, Nam3L3ss emerged on the scene, leaking what they claim is data obtained from the MOVEit breach. These leaks targeted industry giants like Amazon, 3M, HP, and Delta, raising serious concerns about the security practices employed by these corporations. At that time, Nam3L3ss leaked over 7.9 million records from 27 companies.

Hackread.com analyzed the leaked data and found it contained a mix of sensitive and non-sensitive information, including names, email addresses, phone numbers, office and residential addresses, and even company location coordinates. This information could be used by malicious actors for social engineering attacks, identity theft, or targeted phishing scams.

Just weeks after the initial leaks from Nam3L3ss, another batch of employee data surfaced online on Monday. This new data dump contained records from companies like Bank of America, Koch Industries, Nokia, and Morgan Stanley, and appears to be linked to the same MOVEit vulnerability.

Here’s the full list of companies involved in this leak:

*   audible.com – 3,790
*   b-f.com – 1,302
*   xerox.com – 42,735
*   univision.net – 5,954
*   saic.com – 26,917
*   nokia.com – 94,252
*   meijer.com – 7,422
*   cna.com – 6,680
*   cm3.com.au – 6,153
*   ciena.com – 10,820
*   bwater.com – 2,161
*   kochinc.com – 237,486
*   medibank.com.au – 5,201
*   morganstanley.com – 32,860
*   bankofamerica.com – 288,296
*   joneslanglasalle.com aka jll.com – 12,352,524

*   Total: 13,124,553

While Nam3L3ss claims to be a vigilante bringing attention to security flaws, their motives remain unclear. Regardless of their intentions, these leaks expose the significant impact of the MOVEit vulnerability and the risks posed by stolen employee data.

If you’re an employee of one of the affected companies, stay alert for phishing attempts. These could come through email, text messages (smishing), or even phone calls (vishing), as scammers might use this leaked data to target you.

1.  **Hacker Leaks Thousands of Microsoft and Nokia Employee Details**
2.  **Hackers Calling Employees to Steal VPN Credentials from US Firms**
3.  **Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets**
4.  **Hacker Leaks Data of 33K Accenture Employees in 3rd-Party Breach**
5.  **Indian Ex-Employee Jailed for Wiping 180 Virtual Servers in Singapore**

Tag

#nokia