Nokia is investigating a potential breach of its data following claims by a hacker known as IntelBroker, who alleges to have stolen and is attempting to sell the company’s source code. The hacker reportedly accessed a third-party vendor’s server, which had been contracted to work with Nokia. Using default credentials, the attacker was able to download various sensitive files, including source code, SSH keys, RSA keys, and credentials for several accounts associated with Nokia’s operations. Nokia confirmed the breach, stating that it was taking the allegations seriously, though it has yet to provide a detailed response about the stolen data.
The breach is believed to have occurred via the third-party vendor’s SonarQube server, which was improperly secured with default login credentials. This oversight enabled the hacker to access and extract confidential data, including Python projects and other resources related to Nokia’s internal tools. While the hacker has shared files containing the stolen information, Nokia has yet to confirm whether the data is indeed theirs. The company maintains that its systems have not been directly affected by the breach and has emphasized that it continues to monitor the situation closely.
IntelBroker is no stranger to high-profile data breaches, having previously compromised several organizations. Notably, the hacker gained notoriety after breaching DC Health Link, the service that manages healthcare plans for U.S. House members and their families. Additionally, IntelBroker has been linked to other breaches involving major corporations such as Hewlett Packard Enterprise (HPE), Weee!, and more recently, T-Mobile, AMD, and Apple. The hacker’s modus operandi typically involves accessing third-party SaaS vendors and using their credentials to infiltrate the networks of larger organizations, a method that has raised serious concerns about third-party security in supply chains.
At this time, Nokia has stated that it is taking all necessary steps to secure its data and systems, though it has not yet confirmed the specifics of the stolen files. The company is conducting a thorough investigation and working with relevant authorities to understand the full scope of the breach. While it has not provided an update on whether it plans to take legal action or inform affected parties, the ongoing investigation highlights the growing risks associated with third-party vulnerabilities. This incident underscores the importance of robust security measures, both within an organization’s own systems and those of its contractors.
Reference: