Overview: New threat actor
A threat actor going by the name of IntelBroker is claiming to have breached several US government agencies and is now running ads on underground hacking forums claiming to sell more than 2 GB of files stolen from the agencies’ networks. While the group has made bold claims, several security researchers have indicated that the ad might be a scam, as the actor has not provided any evidence of a widespread breach of the US government. The threat actor’s name also seems to be tied to a new Ransomware-as-a-Service portal called Endurance, and security researchers believe this might be a clever ruse to draw affiliates to the new service. “Not sure what their angle is, but it seems like notoriety maybe for a quick exit scam.” Read more: Endurance Ransomware Claims Breach of US Federal Government
The repository hosts the source code of the Endurance #wiper. A comment in the source code indicates that IntelBroker is not part of a group and that #Endurance is an on-going project. pic.twitter.com/no4X2x8Rqz
— Aleksandar Milenkoski (@milenkowski) November 16, 2022