A notorious hacker, thought to be behind many recent breaches of large tech companies, has added Apple to the list after claiming to have the source code to three commonly used internal tools following a June 2024 data breach.

The threat actor, known as IntelBroker on the criminal forums they inhabit, has previously claimed to have data extracted from compromises of Europol and AMD. The IntelBroker account on X, formerly known as Twitter, was suspended after posting about having access to the source code of three internal tools used at Apple, including a single sign-on authentication system known as AppleConnect. However, a posting by dark web threat intelligence account Dark Web Informer has repeated the claim, along with a criminal forum screenshot showing the tools listed as AppleConnect-SSO, Apple-HWE-Confluence-Advanced and AppleMacroPlugin.

The dark web BreachForums posting by IntelBroker stated: “I’m releasing the internal source code to three of Apple’s commonly used tools for their internal site, thanks for reading and enjoy!”

Stolen Apple Source Code Analysis

An analysis of the leaked code by the security team at cybersecurity consultancy AHCTS revealed that the released code isn’t actually the source to the internal tools themselves, but rather “proprietary internal plugins and configurations” that are used “to connect Apple proprietary authentication systems to Atlassian Jira and Confluence, for Single Sign On authentication within the Apple corporate network.”

The highly technical analysis by AHCTS concludes that the leak of these custom plugins “poses significant cybersecurity risks,” but no Apple end-user products or services are impacted. The detailed configurations and sensitive information contained within the code could, AHCTS said, “potentially be exploited by malicious actors.”

I have asked Apple for a statement and will update this breaking news article as more is known.
