Nokia is investigating whether or not a third-party vendor was breached after a hacker claimed to be promoting the corporate’s stolen supply code.
“Nokia is conscious of experiences that an unauthorized actor has alleged to have gained entry to sure third-party contractor information and probably information of Nokia,” the corporate advised BleepingComputer.
“Nokia takes this allegation severely and we’re investigating. So far, our investigation has discovered no proof that any of our techniques or information being impacted. We proceed to intently monitor the state of affairs.”
This assertion comes after a risk actor often known as IntelBroker claimed to be promoting Nokia supply code that was stolen after they breached a third-party vendor’s server.
“At present, I’m promoting a big assortment of Nokia supply code, which we obtained from a third celebration contractor that straight labored with Nokia to assist help their improvement of some inside instruments.”
Supply: BleepingComputer
IntelBroker states that the stolen information comprises SSH keys, supply code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials.
The risk actor advised BleepingComputer that they gained entry to the third-party vendor’s SonarQube server utilizing default credentials, permitting them to obtain clients’ Python tasks, together with these belonging to Nokia.
BleepingComputer shared a file tree of the allegedly stolen information with Nokia, asking if the information belonged to them, however has not obtained a response presently.
IntelBroker gained notoriety after breaching DC Well being Hyperlink, a corporation that administers the well being care plans of U.S. Home members, their workers, and their households.
Different cybersecurity incidents linked to IntelBroker are the breaches of Hewlett Packard Enterprise (HPE) and the Weee! grocery service.
Extra just lately, the risk actor leaked information from quite a few corporations, together with T-Cell, AMD, and Apple, which was stolen from a third-party SaaS vendor.