Excerpt from BleepingComputer Article, Published on Nov 25, 2023
General Electric (GE), a prominent American multinational spanning the power, renewable energy, and aerospace sectors, is currently investigating a potential breach in its development environment following claims by a threat actor regarding a cyberattack and leaked data.
Reports surfaced when a threat actor named IntelBroker attempted to sell access to GE’s purported “development and software pipelines” on a hacking forum for $500. Following the actor’s failure to find buyers for the access, the hacker shared screenshots showing the actor selling both network access and allegedly stolen data, including private data pertaining to DARPA-affiliated military projects.
In response to inquiries by BleepingComputer, a GE spokesperson acknowledged the claims made by the threat actor and confirmed an ongoing investigation into the alleged data breach. The company emphasized its commitment to taking the necessary measures to safeguard the integrity of its systems.
While the breach remains unverified, IntelBroker has a track record of successful cyberattacks, including breaching the Weee! grocery service and pilfering sensitive personal data from the District of Columbia’s D.C. Health Link program. This intrusion led to widespread media coverage and prompted a congressional inquiry to probe the breach’s causes.
Mila Kofman, the Executive Director of the District of Columbia Health Benefit Exchange Authority, explained during the subsequent congressional hearing that the data exposure occurred as a result of a misconfigured server, making it accessible online—a vulnerability that threat actors like IntelBroker exploited.
To delve deeper into this topic, please read the full article on BleepingComputer