The United States Department of State has launched an investigation into a possible cyber attack after confidential documents, which were reportedly obtained by a malicious actor, were leaked from a government contractor.
Breach Announcement On BreachForums
The post, dated April 2, 2024, claims that the data was obtained by infiltrating Acuity Inc, a company alleged to work closely with the US government and its allies.
According to a recent tweet by HackManac, the alleged security breach at Acuity Inc has resulted in the exposure of highly sensitive intelligence documents belonging to the Five Eyes Intelligence Group (FVEY).
The hackers assert that the breach resulted in acquiring full names, emails, office numbers, personal cell numbers, and government, military, and Pentagon email addresses.
The compromised data also includes classified information and communications between the Five Eyes countries and their allies.
Implications Of The Leak
If confirmed, the leak could have significant implications for national security and the operational integrity of the intelligence-sharing network.
At the time of reporting, there has been no official statement from any of the Five Eyes member countries or Acuity Inc. regarding the authenticity of the leaked documents or the extent of the breach.
- The silence from official channels has led to speculation and concern among cybersecurity experts and government officials alike.
- Cybersecurity agencies are likely to conduct thorough investigations to ascertain the validity of the claims made by the hackers.
IntelBroker gained notoriety after breaching DC Health Link, the organization that administers the health care plans of U.S. House members, their staff, and their families.
- April 3, 2024
- 02:55 PM
The U.S. Department of State is investigating claims of a cyber incident after a threat actor leaked documents allegedly stolen from a government contractor.
Acuity, the company purportedly breached to steal this information, is a technology consulting firm with almost 400 employees and a $100+ million annual revenue.
- "The Department is aware of claims that a cyber incident has occurred and is currently investigating," a State Department spokesperson told BleepingComputer.
- "The Department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the Department's cybersecurity posture. For security reasons, we will not provide details on the nature and scope of the claim."
According to their claims, the leaked data includes the full names, emails, office numbers, and personal cell numbers of government, military, and Pentagon employees, as well as their email addresses.
- "Today, I am releasing the documents belonging to the Five Eyes Intelligence Group," the threat actor says in a Tuesday post on a hacking forum.
- "This data was obtained by breaching into Acuity Inc, a company that works directly with the US Government and its allies."
- It is not known if these incidents are related to the Five Eyes data leak.
- However, some of the data leaked in the ICE/USCIS forum post is also contained in the Five Eyes post, indicating an overlap.
- The DC Health Link incident resulted in a congressional hearing after the personal data belonging to 170,000 affected individuals, including members and staff of the U.S. House of Representatives, was exposed.
Other cybersecurity incidents linked to IntelBroker are the breaches of Hewlett Packard Enterprise (HPE) and the Weee! grocery service, as well as an alleged breach of General Electric Aviation.
NSA and Acuity spokespersons were not immediately available for comment when contacted by BleepingComputer earlier today. CISA declined to comment.
Five Eyes data reportedly exfiltrated in US federal contractor breach
Threat actors are claiming to have stolen data belonging to the Five Eyes intelligence group after breaching a US national security technology contractor.
The hackers took to BreachForums to announce that they had exfiltrated data from the firm and posted a sample as proof.
“Today, I am releasing the documents belonging to the Five Eyes intelligence group,” said BreachForums user “IntelBroker”, a threat actor with a history of targeting high-profile organisations such as T-Mobile, Facebook Marketplace, General Electric, the US Citizenship and Immigration Services (USCIS) and DC Health Link.
“This data was obtained by breaching into Acuity Inc, a company that works directly with the US government and its allies.”
According to IntelBroker, who is reportedly one of three hackers behind the breach, alongside “Sanggiero” and “EnergyWeaponUser”, exfiltrated data includes full names, emails, office numbers, personal mobile numbers, government, military and Pentagon email addresses and “classified information and communications between the 5 eyes, 14 eyes and the US’s allies”.
“The department is aware of claims that a cyber incident has occurred and is currently investigating,” a spokesperson for the State Department told BleepingComputer.
“The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department’s cyber security posture.
“For security reasons, we will not provide details on the nature and scope of the claim.”
The sample posted to BreachForums includes what appear to be memos containing communications between government agencies and members; however, the legitimacy of the memos is unverified.
According to findings by the research team at CyberNews, while some of the leaked data could be sensitive, the information appears to be quite old, with records dated only as late as 2016.
“The dump itself is strange, as it has some formatting issues that would be incompatible with SQL – meaning it cannot be restored into a local database for easier analysis,” the CyberNews researchers said.
Additionally, IntelBroker has claimed a number of government data breaches before, including on the Department of Defense, the US Army and the US Immigration and Customs Enforcement (ICE).
While there is no way to confirm this, the most recent leak could be connected to the earlier attacks.
There is, however, some crossover between the data in the most recent leak and that shared in the USCIS/ICE leak.