Nokia Investigates Third-Party Breach After Hacker Claims to Steal Source Code

A hacker claims to have stolen Nokia source code via a third-party vendor breach, prompting an investigation by Nokia. The alleged stolen data includes sensitive information like SSH and RSA keys.

    Nokia Investigates Breach After the Hacker IntelBroker Claims to Have Stolen Source Code and Much More!

    Nokia is currently investigating a potential data breach after a threat actor, known as IntelBroker, claimed to have stolen the company’s source code and is selling it. The alleged theft didn’t directly target Nokia’s systems; instead, the hacker claims to have accessed the data through a compromised third-party vendor. This highlights the significant vulnerability companies face through their supply chains.

    Nokia has publicly stated that their own systems appear unaffected, but the investigation is ongoing. “Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia,” the company confirmed to BleepingComputer. “Nokia takes this allegation seriously and we are investigating. To date, our investigation has found no evidence that any of our systems or data being impacted. We continue to closely monitor the situation.”

    Technical Details of the Alleged Nokia Data Breach

    IntelBroker, known for previous high-profile breaches targeting organizations like DC Health Link, Hewlett Packard Enterprise, Weee! grocery service, T-Mobile, AMD, and Apple (all through third-party vendors), claims the Nokia source code was obtained by exploiting a vulnerability in a third-party vendor’s SonarQube server.

    The hacker allegedly gained access using default credentials, a common security oversight. Once inside, IntelBroker reportedly downloaded numerous Python projects belonging to Nokia and other clients. The stolen data allegedly includes sensitive information such as SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials. BleepingComputer shared a file tree of the allegedly stolen data with Nokia to verify its authenticity, but hasn’t yet received a response.
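The classes of secret listed above (private keys, logins embedded in URLs, webhooks, hardcoded credentials) can be caught in a project tree before it is handed to a vendor or a code-analysis server. The following is an added example, not code from Nokia, the vendor or the original report; the patterns are heuristic assumptions and every sample value is a constructed placeholder.

```python
import re
from pathlib import Path

# Heuristic patterns (assumptions for this example), one per class of secret named in the article.
PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |OPENSSH |EC |DSA )?PRIVATE KEY-----"),
    "url_with_login": re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s/:@'\"]+:[^\s/@'\"]+@", re.I),
    "webhook_url": re.compile(r"https://[^\s'\"]*webhook[^\s'\"]*", re.I),
    "hardcoded_credential": re.compile(
        r"\b\w*(?:password|passwd|secret|token|api_key)\w*\s*=\s*['\"][^'\"]{4,}['\"]", re.I),
}

def scan_text(name, text):
    """Return (file, line_no, kind) for every pattern hit; the secret itself is never returned."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((name, line_no, kind))
    return findings

def scan_tree(root):
    """Scan every file under root, skipping VCS metadata."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and ".git" not in path.parts:
            findings += scan_text(str(path), path.read_text(errors="ignore"))
    return findings

# Constructed sample files; every value is a placeholder, not real data.
SAMPLE = {
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n",
    "mailer.py": "import smtplib\nSMTP_PASSWORD = 'example-placeholder'\n",
    "setup.cfg": "url = https://builduser:example-pass@bitbucket.example/team/repo.git\n",
    "notify.py": "HOOK = 'https://chat.example/webhook/PLACEHOLDER'\n",
    "clean.py": "password = os.environ['SMTP_PASSWORD']\n",  # read from env: not flagged
}

def scan_sample():
    return [f for name, text in SAMPLE.items() for f in scan_text(name, text)]

if __name__ == "__main__":
    for name, line_no, kind in scan_sample():
        print(f"{name}:{line_no}: {kind}")
```

Regex heuristics like these miss secrets that are encoded or split across lines, so a hit list that comes back empty is not proof that a tree is clean.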

    The breadth and depth of the allegedly compromised data underscore the severity of this potential Nokia security breach. The use of default credentials highlights the critical need for robust security practices, including strong password policies and regular security audits, across all levels of an organization’s supply chain. This incident serves as a stark reminder that even large corporations are vulnerable to attacks that exploit weaknesses in their extended ecosystem.

    The Threat Actor IntelBroker and Its Modus Operandi

    IntelBroker’s actions demonstrate a sophisticated understanding of exploiting vulnerabilities within third-party vendor ecosystems. Their previous successes against various organizations suggest a pattern of targeting less secure third-party vendors to gain access to larger, more valuable targets.

    The use of default credentials in this alleged Nokia breach points to a lack of basic security measures on the part of the third-party vendor. This attack vector, while seemingly simple, is incredibly effective, highlighting the importance of comprehensive security audits and training for all partners in a company’s supply chain. The scale of the alleged data breach, including the variety of sensitive information reportedly obtained, underscores the significant risk posed by such attacks.

    The ongoing investigation by Nokia is crucial to determine the full extent of the damage and implement appropriate preventative measures. This Nokia data breach serves as a case study in the evolving landscape of cyber threats and the importance of robust security measures throughout an organization’s entire ecosystem. The Nokia security breach underscores the need for proactive security measures, not just within a company’s own infrastructure, but also across its entire supply chain.

    Nokia’s Response to the Security Breach and Ongoing Investigation

    While the company has yet to confirm the authenticity of the stolen data, their public statement acknowledges the seriousness of the allegations. The investigation’s focus on determining whether a third-party vendor was breached highlights the importance of supply chain security.

    Nokia’s commitment to transparency, even in the face of a potential security breach, is commendable. The outcome of this investigation will be crucial in shaping future security practices, not just for Nokia, but for other organizations facing similar risks. The Nokia breach highlights the growing importance of robust security practices, including regular security audits and strong password policies, throughout an organization’s entire ecosystem.
