{ "id": "5f38ef8c-e870-4a74-b09a-cdce14941e2f", "created_at": "2026-04-06T00:17:08.141986Z", "updated_at": "2026-04-10T13:12:13.130226Z", "deleted_at": null, "sha1_hash": "74b40a88b6d2c0164a38b467cf7a036b61508b7b", "title": "CySecurity News - Latest Information Security and Hacking Incidents: Infamous Hacker IntelBroker Breaches Apple's Security, Leaks Internal Tool Source Code", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 77260, "plain_text": "CySecurity News - Latest Information Security and Hacking\r\nIncidents: Infamous Hacker IntelBroker Breaches Apple's\r\nSecurity, Leaks Internal Tool Source Code\r\nBy CySecurity News, twitter.com/ehackernews\r\nArchived: 2026-04-05 14:14:39 UTC\r\nA prominent threat actor known as IntelBroker, notorious for orchestrating several high-profile data breaches, has\r\nnow set its sights on Apple.\r\nThe hacker successfully leaked the company’s source code associated with several internal tools, announcing this\r\ndevelopment through a post on the dark web.\r\nAccording to reports from IntelBroker, the iPhone maker experienced a significant security breach, leading to this\r\nexposure. The threat actor claims to have obtained the source code for various internal tools, including\r\nAppleConnect SSO and AppleMacroPlugin.\r\nWhile details about these tools are scarce, it is known that AppleConnect SSO is a system used for authentication,\r\nallowing employees to access specific applications within the network.\r\nThese systems are integrated with the company's database, providing a secure form of access to its\r\nresources.Within iOS, apps launched by employees can use AppleConnect SSO for login purposes, where users\r\nhttps://www.cysecurity.news/2024/06/infamous-hacker-intelbroker-breaches.html\r\nPage 1 of 2\n\nset up patterns instead of passcodes for easier access.\r\nThe threat actor has not provided further details, but it is speculated that this data might be for sale, although this\r\nremains unconfirmed. Importantly, such breaches are localized internally and do not affect the company’s\r\ncustomer data.\r\nA source familiar with these matters noted that dark web forums have strong vetting processes to filter out\r\nscammers attempting to sell leaked content. However, IntelBroker has managed to navigate these processes and\r\nhas a reputation for successfully doing so.\r\nThis group has a history of hacking attempts, including attacks on American governmental institutions and\r\nwebsites, demonstrating its capabilities. Apple has yet to release a statement regarding this breach and the theft of\r\nits source code.\r\nSource: https://www.cysecurity.news/2024/06/infamous-hacker-intelbroker-breaches.html\r\nhttps://www.cysecurity.news/2024/06/infamous-hacker-intelbroker-breaches.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "origins": [ "web" ], "references": [ "https://www.cysecurity.news/2024/06/infamous-hacker-intelbroker-breaches.html" ], "report_names": [ "infamous-hacker-intelbroker-breaches.html" ], "threat_actors": [ { "id": "0263e1e1-4568-410a-a5e4-6932db1d40da", "created_at": "2024-06-26T02:00:04.854969Z", "updated_at": "2026-04-10T02:00:03.667295Z", "deleted_at": null, "main_name": "IntelBroker", "aliases": [], "source_name": "MISPGALAXY:IntelBroker", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434628, "ts_updated_at": 1775826733, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/74b40a88b6d2c0164a38b467cf7a036b61508b7b.pdf", "text": "https://archive.orkl.eu/74b40a88b6d2c0164a38b467cf7a036b61508b7b.txt", "img": "https://archive.orkl.eu/74b40a88b6d2c0164a38b467cf7a036b61508b7b.jpg" } }