Man
Professional
- Messages
- 3,070
- Reaction score
- 606
- Points
- 113
Nokia has finally dealt with the sensational hacking of its partner's systems.
Nokia has conducted an internal investigation into allegations of a recent data breach and has determined that the source code published on the dark web belongs to a third-party company. At the same time, neither the data of Nokia itself nor its customers were affected.
The statement was made in response to the actions of a hacker under the pseudonym IntelBroker, who at the beginning of the week posted on the network data allegedly stolen after hacking the server of a third-party supplier associated with Nokia. Initially, the attacker tried to sell the obtained data, claiming that he had SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and passwords. However, after Nokia denied the fact of the leak, the hacker decided to put the information in the public domain.
IntelBroker post on the hacker forum
BleepingComputer managed to get a comment from a representative of Nokia. The company confirmed that the investigation revealed a security incident at a third-party vendor and found no evidence that Nokia's own systems or data were compromised.
IntelBroker previously claimed that it hacked a third-party vendor by exploiting a vulnerability in the poorly protected SonarQube server, through which it was possible to download files from several large companies at once, including Nokia.
Nokia clarified that the incident with a third party does not pose a threat to the company's critical systems and data, including source code, specialized software and encryption keys. Nokia customers, their data and systems are also safe.
The investigation showed that the leak affected the source code of the application, which was developed not by Nokia itself, but by a third-party contractor. The application is needed to work exclusively within one network of a particular client and is not able to function outside it. At the same time, the leaked code does not contain Nokia components.
Despite the absence of a threat to its systems, the Finnish company continues to closely monitor the situation and take all necessary measures to ensure security.
Source
Nokia has conducted an internal investigation into allegations of a recent data breach and has determined that the source code published on the dark web belongs to a third-party company. At the same time, neither the data of Nokia itself nor its customers were affected.
The statement was made in response to the actions of a hacker under the pseudonym IntelBroker, who at the beginning of the week posted on the network data allegedly stolen after hacking the server of a third-party supplier associated with Nokia. Initially, the attacker tried to sell the obtained data, claiming that he had SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and passwords. However, after Nokia denied the fact of the leak, the hacker decided to put the information in the public domain.
IntelBroker post on the hacker forum
BleepingComputer managed to get a comment from a representative of Nokia. The company confirmed that the investigation revealed a security incident at a third-party vendor and found no evidence that Nokia's own systems or data were compromised.
IntelBroker previously claimed that it hacked a third-party vendor by exploiting a vulnerability in the poorly protected SonarQube server, through which it was possible to download files from several large companies at once, including Nokia.
Nokia clarified that the incident with a third party does not pose a threat to the company's critical systems and data, including source code, specialized software and encryption keys. Nokia customers, their data and systems are also safe.
The investigation showed that the leak affected the source code of the application, which was developed not by Nokia itself, but by a third-party contractor. The application is needed to work exclusively within one network of a particular client and is not able to function outside it. At the same time, the leaked code does not contain Nokia components.
Despite the absence of a threat to its systems, the Finnish company continues to closely monitor the situation and take all necessary measures to ensure security.
Source
