Nokia is investigating whether or not a third-party vendor was breached after a hacker claimed to be promoting the corporate’s stolen supply code.
“Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia,” the corporate informed BleepingComputer.
“Nokia takes this allegation seriously and we are investigating. To date, our investigation has found no evidence that any of our systems or data being impacted. We continue to closely monitor the situation.”
This assertion comes after a risk actor generally known as IntelBroker claimed to be promoting Nokia supply code that was stolen after they breached a third-party vendor’s server.
“Today, I am selling a large collection of Nokia source code, which we got from a 3rd party contractor that directly worked with Nokia to help aid their development of some internal tools.”
IntelBroker states that the stolen information comprises SSH keys, supply code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials.
The risk actor informed BleepingComputer that they gained entry to the third-party vendor’s SonarQube server utilizing default credentials, permitting them to obtain clients’ Python tasks, together with these belonging to Nokia.
BleepingComputer shared a file tree of the allegedly stolen information with Nokia, asking if the information belonged to them, however has not acquired a response presently.
​IntelBroker gained notoriety after breaching DC Well being Hyperlink, a corporation that administers the well being care plans of U.S. Home members, their employees, and their households.
Different cybersecurity incidents linked to IntelBroker are the breaches of Hewlett Packard Enterprise (HPE) and the Weee! grocery service.
Extra just lately, the risk actor leaked information from quite a few corporations, together with T-Cell, AMD, and Apple, which was stolen from a third-party SaaS vendor.