Nokia Confirms Data Breach Linked to Third-Party Vendor
Nokia has publicly acknowledged a data breach involving a third-party vendor, while maintaining that its internal systems remain secure and unaffected by the incident. Following an extensive investigation, the telecommunications company clarified that although a breach occurred, its own data and systems were not compromised.
The firm attributed the breach to a security incident involving a custom software application from an external source, rather than to any vulnerability within Nokia’s infrastructure. In a statement provided to BleepingComputer, Nokia emphasized, "Our investigation has found no evidence of any of our systems or data being impacted. Our inquiries indicate a third-party security incident."
The breach has been linked to a notorious data leaker known as IntelBroker, who recently advertised a substantial archive of allegedly stolen data on an underground forum. This archive reportedly includes a variety of sensitive materials such as Nokia source code, SSH keys, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials. IntelBroker claims to have infiltrated a third-party vendor’s environment through a SonarQube server, gaining access to confidential files that belonged to several companies, Nokia among them.
Despite the leak, Nokia reassured its customers that there is no indication that the third-party incident has compromised critical systems, including internal source code or encryption keys. The company stated, "Our customers are in no way impacted, including their data and networks." The statement is aimed at easing concerns among Nokia’s customers about the potential consequences of the breach.
The leaked source code pertains to an application developed by the third party specifically for Nokia, which functions exclusively within a single network and is not operable outside of that environment. Nokia affirmed that its own proprietary code has not been part of the breach.
IntelBroker is identified as a Serbian hacker with a notable record dating back to October 2022, having executed over 80 separate attacks against various organizations, including high-profile names like AMD, Apple, Europol, and HPE. This pattern underlines the growing threat from sophisticated actors who reach their targets through vulnerable third-party channels.
Framed in terms of the MITRE ATT&CK framework, the tactics potentially employed include initial access, perhaps via the exploitation of vulnerabilities in the SonarQube server, and data exfiltration. Threats of this kind highlight the need for robust security measures and continuous monitoring, particularly of third-party integrations.
As Nokia continues to monitor developments surrounding this breach, the incident is a reminder to business owners of the risks inherent in third-party vendor relationships. Enhanced scrutiny and proactive risk management are essential to safeguarding sensitive business information against hostile cyber actors.