On November 4, 2024, an infamous threat actor who goes by IntelBroker published a post offering a huge piece of Nokia source code for sale. The leak allegedly comes from one of the company's contractors, which helped Nokia develop some of its internal tools. While the leak does not contain any user or employee information, it still includes security keys and other critical details.
Contractor of Nokia Hacked, Leaking Internal Information
IntelBroker's post on BreachForums offers a tiny glimpse into the files and data that were leaked in the Nokia contractor hack. Instead of data samples, the hacker provides a file tree from the leaked repositories. That tree, in turn, makes it possible to judge the true size of the leak and which parts of the source code are exposed.
The file tree contains many mentions of radio electronics and optical elements, which aligns with Nokia's current business. After selling its mobile phone business in 2016, the company switched to the development and integration of network and optical systems. The hacker claims to possess Bitbucket login credentials that belong to the contractor, which explains where all the code and files come from.
However, there is little to no information about how old these files are. Darknet leaks are often composed of data exposed in older hacks; criminals post such collections hoping that someone gullible will believe they are genuine. Nonetheless, it is not typical for IntelBroker to pull such a trick, so I believe the leak is quite likely genuine.
Earlier this year, IntelBroker was selling data leaked from Hewlett Packard, the famous printing equipment manufacturer. Over the years, the guy has earned quite a reputation as a bad omen for companies.
Keys and Credentials Leaked
One thing that the file tree does not show is the selection of leaked RSA and SSH keys, used by Nokia (or its contractor) to access certain servers. While their exposure can indeed threaten the company, the fact that the hacker offers them for sale likely means there is not much of interest on the servers they unlock.
The problem with offering such keys publicly is that they go stale as soon as the company's internal investigation begins. However, there have been cases where companies either completely ignored a key leak or replaced the keys incorrectly. This eventually resulted in repeated compromise and even more leaks.
The hackers have also allegedly leaked the login data for SMTP accounts. The emails sent through the protocol can have some value on their own, and may also contain important information about the other data.
Overall, the leak is nothing groundbreaking or unprecedented. The hackers obtained a huge amount of technical data, but only a few of its elements may actually pose any danger to the company. Nonetheless, Nokia should carry out a major security overhaul to prevent the data exposed in the breach from being effectively used against it. The same applies to the company's unknown contractor, who is obviously to blame for this entire story.