Nokia Investigates Alleged Data Breach Involving Source Code Leaked on Hacking Forum
Nokia, the Finnish telecommunications giant, is currently investigating troubling reports regarding the alleged leak of its source code on a criminal hacking forum. The situation has sparked concern within the cybersecurity community, specifically among businesses that rely on third-party contractors for critical services.
The hacker, operating under the alias "IntelBroker," claims to have posted a significant collection of "Nokia related source code," asserting that this information was obtained through a breach at one of Nokia’s third-party service providers, SonarQube. The hacker’s post included details about folders containing sensitive information, such as "nokia_admin1" and "nokia_etl_summary-data." IntelBroker, who also runs BreachForums, initially offered the data for sale, reportedly demanding $20,000 for access to what he described as a collection of SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials.
In response to the allegations, a spokesperson for Nokia stated that the company is "aware of reports that an unauthorized actor has alleged to have gained access to certain 3rd party contractor data and possibly data of Nokia." The spokesperson assured that Nokia is actively monitoring the situation as it unfolds.
The hacker disclosed to Hackread that the access to the data was achieved using a default password, raising concerns about the security practices of the third-party provider involved. SonarQube has yet to issue a public response regarding the breach.
The incident appears to exacerbate the growing trend of cyberattacks targeting prominent companies through vulnerabilities exploited in third-party relationships. In recent months, major brands like AT&T, Ticketmaster, and Neiman Marcus have also reported breaches linked to compromised accounts at cloud-based platforms, highlighting a more extensive security challenge that businesses face as they enhance their own cyber defenses.
This particular breach underscores the potential tactics outlined in the MITRE ATT&CK framework. Initial access appears to have been achieved through the exploitation of weak password protocols, pointing to vulnerabilities in the external supply chain management practices. There are also implications for privilege escalation tactics, as the hacker managed to obtain elevated access to sensitive contractor data.
Given the sensitive nature of the leaked data, the implications for Nokia and the broader telecommunications sector could be significant. As investigations continue, the incident illustrates the constant cybersecurity threat landscape that organizations must navigate. Businesses are advised to remain vigilant, routinely assess their supply chain security, and enhance vulnerability detection protocols to mitigate risks associated with third-party partners.
As further developments emerge related to this case, stakeholders in the tech industry will undoubtedly be monitoring Nokia’s analysis and responses closely, as the ramifications of this breach could have far-reaching effects on cybersecurity protocols across the sector.
