Actinver is a prominent financial institution based in Mexico, offering a wide range of banking services, including personal banking, investment solutions, and corporate financial services. With a substantial customer base and extensive digital infrastructure, Actinver plays a critical role in the Mexican financial landscape.
Breach Details
- Date of Disclosure: July 3, 2024 (the date the leak was posted; the date of the intrusion itself is not stated)
- Posted by: A user named IntelBroker on BreachForums
- Data Leaked: Claimed source code of Actinver's internal systems
- Size of Leak: 7.61 GB
- Type of Data: Internal source code and potentially other sensitive internal documents
Incident Description
On July 3, 2024, a data breach involving Actinver was publicly disclosed by a user known as IntelBroker on the cybercrime forum BreachForums. The poster offered a 7.61 GB archive, purported to be the source code of Actinver's internal systems, for download by other forum members. A source code leak is serious even if the archive contains no customer data: repositories commonly hold hardcoded credentials, API keys and internal hostnames, and the code itself lets an attacker hunt for exploitable flaws offline. The standard response is therefore to treat every secret the code could expose as compromised and rotate it, and to review the leaked components for vulnerabilities before an attacker does.
Threat Actor Profile: IntelBroker
Overview
IntelBroker is a notorious threat actor known for orchestrating a series of high-profile data breaches across various industries and government entities. Active on underground forums like BreachForums, IntelBroker has a reputation for selling access to compromised systems and data, often targeting large organizations and critical infrastructure.
Notable Activities
IntelBroker has claimed responsibility for breaches involving major corporations such as Apple, AMD, Zscaler, General Electric, AT&T, and Home Depot, as well as government agencies including Europol, the U.S. Department of Transportation, and the Pentagon (Malpedia) (SOCRadar® Cyber Intelligence Inc.). These breaches have involved the exfiltration of sensitive information, such as source code, classified documents, and personal data.
Methods and Techniques
IntelBroker's reported tradecraft is standard post-compromise activity rather than anything exotic; the publicly described techniques map onto well-known MITRE ATT&CK entries:
- Credential Dumping (T1003): harvesting stored or in-memory credentials (commonly from LSASS memory or the SAM/NTDS.dit databases) and reusing them to reach further systems.
- Lateral Movement with Valid Accounts (T1078): moving across the network with legitimate credentials, which blends in with routine administration unless logon volume and destination fan-out per account are monitored.
- Data Exfiltration over the C2 Channel (T1041): pushing collected data out through the same connection used to control the foothold (SOCRadar® Cyber Intelligence Inc.).
IntelBroker has also developed ransomware strains, such as the Endurance Ransomware, though its primary focus appears to be on extortion and data leaks rather than ransomware deployment (SOCRadar® Cyber Intelligence Inc.).
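The two techniques above that leave the clearest host-level trail are valid-account lateral movement and LSASS access. The following detector is an added example written for this page, not code from the original report or from any vendor cited here. It runs over a constructed sample of simplified Windows Security 4624 (logon) and Sysmon EventID 10 (ProcessAccess) records; the field names, hostnames, account names, thresholds and allow-list are all assumptions chosen for illustration, not Actinver telemetry.

```python
"""Added example: detect valid-account lateral movement (T1078) by per-account
host fan-out, and credential-dumping-style LSASS access (T1003) via Sysmon 10.
All events below are constructed for this example; none are real telemetry."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events with simplified 4624 / Sysmon 10 field names.
SAMPLE_EVENTS = [
    # svc_backup reaches six servers over network logons in four minutes
    {"ts": "2024-07-01T02:00:05", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "host": "FS01"},
    {"ts": "2024-07-01T02:00:40", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "host": "FS02"},
    {"ts": "2024-07-01T02:01:12", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "host": "DB01"},
    {"ts": "2024-07-01T02:02:03", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "host": "APP03"},
    {"ts": "2024-07-01T02:03:15", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "host": "GIT01"},
    {"ts": "2024-07-01T02:03:59", "event_id": 4624, "logon_type": 3, "user": "svc_backup", "host": "DC01"},
    # jsmith: two network logons hours apart, normal behaviour
    {"ts": "2024-07-01T09:10:00", "event_id": 4624, "logon_type": 3, "user": "jsmith", "host": "FS01"},
    {"ts": "2024-07-01T15:45:00", "event_id": 4624, "logon_type": 3, "user": "jsmith", "host": "PRINT01"},
    # machine account noise: excluded by the '$' suffix rule below
    {"ts": "2024-07-01T02:00:00", "event_id": 4624, "logon_type": 3, "user": "WS017$", "host": "DC01"},
    # Sysmon 10: unknown binary opens LSASS with read rights (credential dumping)
    {"ts": "2024-07-01T01:58:30", "event_id": 10, "user": "svc_backup",
     "source_image": r"C:\Users\Public\m.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1010"},
    # Sysmon 10: AV engine touching LSASS, allow-listed
    {"ts": "2024-07-01T01:58:31", "event_id": 10, "user": "SYSTEM",
     "source_image": r"C:\Program Files\Windows Defender\MsMpEng.exe",
     "target_image": r"C:\Windows\System32\lsass.exe", "granted_access": "0x1fffff"},
]

LATERAL_LOGON_TYPES = {3, 10}   # 3 = network (SMB/WinRM/...), 10 = RemoteInteractive (RDP)

# Assumed allow-list of processes that legitimately open LSASS; tune per environment.
LSASS_ACCESS_ALLOWLIST = {
    r"c:\program files\windows defender\msmpeng.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}


def _parse_ts(s):
    return datetime.fromisoformat(s)


def detect_lateral_movement(events, window=timedelta(minutes=10), min_hosts=5):
    """Flag accounts that log on to >= min_hosts distinct hosts within `window`.

    Returns {user: sorted hosts seen in the first window that tripped the rule}.
    Machine accounts (names ending in '$') are skipped; they fan out by design.
    """
    logons = sorted(
        (e for e in events
         if e["event_id"] == 4624
         and e["logon_type"] in LATERAL_LOGON_TYPES
         and not e["user"].endswith("$")),
        key=lambda e: _parse_ts(e["ts"]),
    )
    recent = defaultdict(deque)   # user -> deque of (ts, host) still inside the window
    alerts = {}
    for e in logons:
        ts, user = _parse_ts(e["ts"]), e["user"]
        q = recent[user]
        q.append((ts, e["host"]))
        while ts - q[0][0] > window:   # drop logons that fell out of the sliding window
            q.popleft()
        hosts = {h for _, h in q}
        if len(hosts) >= min_hosts and user not in alerts:
            alerts[user] = sorted(hosts)
    return alerts


def detect_lsass_access(events):
    """Return (user, source_image, granted_access) for non-allow-listed LSASS opens."""
    hits = []
    for e in events:
        if e["event_id"] != 10:
            continue
        if not e["target_image"].lower().endswith(r"\lsass.exe"):
            continue
        if e["source_image"].lower() in LSASS_ACCESS_ALLOWLIST:
            continue
        hits.append((e["user"], e["source_image"], e["granted_access"]))
    return hits


if __name__ == "__main__":
    for user, hosts in detect_lateral_movement(SAMPLE_EVENTS).items():
        print(f"[lateral movement] {user} -> {len(hosts)} hosts: {', '.join(hosts)}")
    for user, src, access in detect_lsass_access(SAMPLE_EVENTS):
        print(f"[lsass access] {src} ({user}) opened lsass.exe with {access}")
```

The fan-out rule is deliberately coarse: a service account that touches five servers in ten minutes is only suspicious relative to its own baseline, so in production the threshold should be learned per account (or per account class) and the allow-list populated from observed LSASS clients on known-clean hosts, otherwise the detector will be tuned out by its own false positives.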
Geographic and Industry Focus
IntelBroker's operations span multiple continents, with significant activity in the United States, India, the United Kingdom, and France. The threat actor targets a wide range of industries, including:
- Information Technology and Telecommunications
- Healthcare
- Financial Services
- Government and Public Administration
- Retail and E-Commerce
- Critical Infrastructure Sectors (Malpedia) (SOCRadar® Cyber Intelligence Inc.).
Motives and Impact
IntelBroker's activities are primarily financially motivated, aiming to sell access and stolen data. There are occasional geopolitical undertones, particularly in the targeting of NATO member states such as the United States. This dual motivation highlights the complexity of IntelBroker's operations, which can have severe implications for national security as well as for the targeted organizations.
Notable Breach Claims
Some of the most significant breaches attributed to IntelBroker include:
- Weee! Grocery Service: Breach affecting 11 million users.
- Los Angeles International Airport: Compromised database with 2.5 million records.
- Facebook Marketplace: Leaked thousands of user records.
- US Government Entities: Breaches involving sensitive documents and personal data of over 100,000 US citizens (SOCRadar® Cyber Intelligence Inc.).
IntelBroker's extensive reach and methodical approach make it a formidable threat in the cybersecurity landscape, with a pattern of targeting organizations that hold substantial data assets and critical infrastructure.