Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company’s stolen source code.
“Nokia is aware of reports that an unauthorized actor has alleged to have gained access to certain third-party contractor data and possibly data of Nokia,” the company told BleepingComputer.
“Nokia takes this allegation seriously and we are investigating. To date, our investigation has found no evidence that any of our systems or data being impacted. We continue to closely monitor the situation.”
This statement comes after a threat actor known as IntelBroker claimed to be selling Nokia source code that was stolen after they breached a third-party vendor’s server.
“Today, I am selling a large collection of Nokia source code, which we got from a 3rd party contractor that directly worked with Nokia to help aid their development of some internal tools.”
IntelBroker states that the stolen data contains SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials.
The threat actor told BleepingComputer that they gained access to the third-party vendor’s SonarQube server using default credentials, allowing them to download customers’ Python projects, including those belonging to Nokia.
BleepingComputer shared a file tree of the allegedly stolen data with Nokia, asking if the data belonged to them, but has not received a response at this time.
IntelBroker gained notoriety after breaching DC Health Link, an organization that administers the health care plans of U.S. House members, their staff, and their families.
Other cybersecurity incidents linked to IntelBroker are the breaches of Hewlett Packard Enterprise (HPE) and the Weee! grocery service.
More recently, the threat actor leaked data from numerous companies, including T-Mobile, AMD, and Apple, which was stolen from a third-party SaaS vendor.
Source link