Chipmaker AMD is investigating a data breach after the notorious BreachForum hacker IntelBroker claimed possession of stolen internal data from the leading gaming and computing chipmaker.
The development comes days after the revival of BreachForums, seized briefly in May by law enforcement, with IntelBroker offering to sell sensitive AMD data from a fresh breach.
“We are aware of a cybercriminal organization claiming to be in possession of stolen AMD data,” AMD said in a widely reported statement. “We are working closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data.”
While AMD confirmed that it is investigating the alleged breach, IntelBroker has posted previews of stolen data that include employee database, customer database, source codes, and firmware data.
Sensitive data offered in exchange for crypto
In the post on Breach Forums, IntelBroker outlined the extent of the data breach, claiming to have accessed various types of information, including ROMs, firmware, source code, property files, and databases containing employee and customer details. Additionally, the hacker asserted having obtained financial information, future AMD product plans, and technical specification sheets.
The alleged employee database breach includes sensitive personal information such as user IDs, job functions, email addresses, employment status, names, and business phone numbers.
IntelBroker specified that “Only XMR”, the Monero cryptocurrency, will be accepted as the mode of payment and has asked members of the forum to quote prices. Additionally, the BreachForum moderator mentioned that “Middlemen” will be allowed to broker a deal for the purchase of data.
This isn’t the first time InterBroker has specifically asked for payments in XMR. In a high-profile breach in May, the threat actor had similar payment demands in return for sharing hacked classified, law enforcement data from one of Europol’s web platforms.
A parallel Apple breach
A day after the AMD breach post, IntelBroker made another hack post, this time claiming possession of source codes of a few of Apple’s widely used tools. The tools include AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin.
“In June 2024, Apple.com suffered a data breach and lead to the exposure of some of their internal tools,” said IntelBroker in a dark web post. “Today, I’m releasing the internal source code to 3 of Apple’s commonly used tools for their internal site, thanks for reading and enjoy!”
While Apple is yet to confirm the breach, the threat actor has put up stolen codes for 8 forum credits for its members to view and download.
Breach Forums is a revived version of the cybercrime site Raid Forums, used by IntelBroker and their associated threat group, CyberNiggers. IntelBroker is a key member, specializing in initial access brokering, system vulnerability exploitation, and selling compromised access on the dark web. Recently, the hacker breached Space-Eyes, a geospatial intelligence firm serving US government agencies. Previously, they have been linked to breaches at Colonial Pipeline, US federal contractor Acuity, ZScaler, and General Electric.