Nokia, a leader in telecommunications, is investigating a cybersecurity breach after a hacker, known as IntelBroker, claimed to have accessed and is attempting to sell Nokia’s source code.
What happened
The breach came to light when IntelBroker claimed to have accessed sensitive data through a third-party contractor working with Nokia. The hacker announced possession of a collection of Nokia's source code, allegedly obtained from a contractor developing internal tools for the company. In response, Nokia confirmed it is taking these claims seriously and is conducting an investigation. Preliminary findings suggest that Nokia’s systems are not directly compromised, but the situation remains under scrutiny.
IntelBroker also claimed access to sensitive credentials, including SSH and RSA keys and login details for services like BitBucket and SMTP accounts. The exposure of this data could have serious implications for Nokia and its partners if exploited.
Going deeper
The breach reportedly occurred through IntelBroker’s access to the third-party contractor's SonarQube server, infiltrated using default credentials. The incident shows the need for strong security practices, especially with external partners. Default credentials are a known vulnerability, and this breach reminds companies to enforce stricter security standards with third-party vendors.
In the know
IntelBroker is linked to multiple breaches, including incidents involving DC Health Link and Hewlett Packard Enterprise. Recently, the threat actor leaked data stolen from a third-party SaaS vendor, impacting companies such as T-Mobile, AMD, and Apple. These attacks indicate a growing cybersecurity trend, where attackers target less secure third-party systems to reach larger organizations.
Why it matters
This breach shows how quickly security can unravel when third-party contractors aren’t fully secured. If hackers gain access through a vendor, they can expose core data like source code and credentials, putting company assets at risk. For Nokia, this raises the stakes around contractor oversight and the necessity of strict access controls. The takeaway? Companies must lock down vendor access as tightly as their systems to protect sensitive information.
FAQs
What is source code?
Source code is the set of instructions or code written by developers to create software programs. It’s what makes applications work and can be understood and modified by other programmers.
What is SSH?
SSH, or Secure Shell, is a protocol used to securely connect to a remote computer or server. It allows you to transfer files and run commands securely over an encrypted connection.
What are RSA keys?
RSA keys are a type of encryption used in SSH for secure connections. They come in pairs—a public key and a private key. The public key can be shared, while the private key should be kept secure. Together, they authenticate your identity and keep data safe during transmission.
What is BitBucket?
BitBucket is an online platform for developers to store, manage, and share source code. It’s similar to GitHub, and it supports Git repositories, helping teams collaborate on projects.
What are SMTP accounts?
SMTP (Simple Mail Transfer Protocol) accounts send emails from one server to another. They’re fundamental for email communication, especially for sending emails from websites, apps, or other software applications.
Farah Amod
