Nokia waves off IntelBroker breach claims, says leaked source code came from a third-party application


Nokia has issued a statement claiming leaked source code data published on an underground hacking forum was stolen from a third-party server and poses no threat to Nokia or its customers.

The Finnish telecommunications company downplayed the severity of the incident, claiming no company or customer data was implicated in the leak.

The prominent threat actor IntelBroker listed a “large collection of Nokia source code” on the notorious BreachForums on 4 November, offering the stolen archive for sale.

It claimed it was able to steal the information from a third-party contractor that had been working closely with Nokia to help develop internal tools.

The compromised data was said to include SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials.

According to external analysis of the sample data provided by IntelBroker, the leaked data also contained potentially sensitive customer information related to Vodafone Idea, India’s largest telecoms company.

Nokia immediately launched an investigation into the incident, maintaining at the time it was not aware of any malicious activity impacting its systems or data.

On 7 November, IntelBroker posted on social media stating that it would be publishing the entire collection of stolen data as Nokia refused to acknowledge the breach.

“Since Nokia have denied that they had their data taken from a 3rd party, the data is now freely available to download.”

Nokia says stolen data poses no threat to company or customers

IntelBroker told one outlet it extracted the information after gaining access to a third-party vendor’s SonarQube server using standard credentials, which allowed them to download a series of Python projects belonging to customers including Nokia.

A Nokia spokesperson told ITPro the company’s investigation showed no evidence of its internal systems or data being compromised, confirming the attacker breached a third party working with Nokia on an application for use on a single customer network.

“Our investigation has found no evidence that our systems or data have been compromised. This is a 3rd party security incident related to a single customized software application used on a single customer network.”

The spokesperson added that the software did not contain any Nokia source code and could not be used maliciously against Nokia or its customers.

“This software was not developed by Nokia, contains no Nokia source code, and cannot be used to negatively impact Nokia or its customers. We continue to closely monitor the situation.”

IntelBroker is one of the most prolific threat actors operating on BreachForums, previously listing 80 tranches of stolen data for sale on the forum.

Notable victims who have had their data leaked by the cyber criminal in recent months include Apple, Cisco, Zscaler, Europol, AMD, HSBC, and Barclays.

But questions have been raised over the authenticity of some of these claims, with companies frequently claiming the scope of the stolen data possessed by IntelBroker was overexaggerated.

Solomon Klappholz
Staff Writer

Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.