Tag: IntelBroker

  • French Police Bust BreachForums Organizers: “ShinyHunters,” “IntelBroker” & Others Arrested in Major Cybercrime Crackdown

    The French police have carried out a sweeping operation targeting the organizers of the infamous cybercriminal forum BreachForums, which in recent years had become a major hub for the trafficking of stolen data. According to Le Parisien, officers from the Cybercrime Fighting Unit (BL2C) arrested several individuals involved in the operation of the platform.

    French media reports indicate that arrests took place in the suburbs of Paris, in Normandy, and on the island of Réunion. Among those detained were users known by the aliases “ShinyHunters,” “Hollow,” “Noct,” and “Depressed.” The forum’s main operator, who went by the moniker “IntelBroker,” had already been apprehended by French law enforcement in February of this year—an event that only recently came to light.

    This latest wave of arrests effectively marks the end of the relaunched BreachForums, which emerged after the original site was taken down in 2023. That year, the platform’s founder, Connor Brian Fitzpatrick—known online as “Pompompurin”—was arrested in the United States. Almost immediately thereafter, other cybercriminals, including ShinyHunters, Baphomet, and IntelBroker, revived the forum under a new iteration.

    ShinyHunters is among the most notorious figures in the cybercriminal underground. The alias has been linked to numerous high-profile data breaches involving international corporations such as Salesforce, PowerSchool, and Snowflake. More recent attacks targeted giants like Santander, Ticketmaster, AT&T, Advance Auto Parts, Neiman Marcus, and Cylance. Experts suggest that “ShinyHunters” is not a single individual but rather a collective operating in coordination.

    The second iteration of BreachForums was effectively dismantled in April 2025, when the site was reportedly hacked through a vulnerability in the popular MyBB forum software. Since then, the platform has not resumed operation.

    Authorities associate the arrested individuals with several high-impact cyberattacks against French companies and government entities. Notable victims include the electronics retailer Boulanger, telecom provider SFR, the national employment agency France Travail (formerly Pôle Emploi), and the French Football Federation. Of particular concern was the breach of France Travail, in which data on nearly 43 million citizens may have been compromised.

    Thus far, French officials have refrained from publicly commenting on the arrests. The National Cybersecurity Agency of France (ANSSI) has also withheld statements on the matter.

  • Notorious Hacker “IntelBroker” (Kai West) Arrested & Charged in US: $25M Damages, Traced by Crypto

    A British citizen has been formally charged in the United States for orchestrating large-scale cyberattacks and trafficking in stolen confidential data, resulting in an estimated $25 million in damages. According to the U.S. Attorney’s Office for the Southern District of New York, the individual in question is 25-year-old Kai West, a resident of the United Kingdom, better known online by his alias, IntelBroker.

    Investigators allege that West engaged for several years in cyber intrusions targeting government agencies, corporations, and critical infrastructure around the world. The stolen data was routinely sold on the hacking forum BreachForums, where IntelBroker was regarded as a key figure. Among the compromised materials were medical records, internal documents from telecommunications and cybersecurity firms, and user data from various online platforms.

    IntelBroker has been linked to several major data breaches in recent years, including attacks on Europol, General Electric, Weee!, AMD, Hewlett Packard Enterprise, Nokia, and DC Health Link—the medical insurance platform of the District of Columbia. He has also been associated with the leak of personal information belonging to members of the U.S. Congress.

    According to the indictment, in January 2023, an undercover FBI agent purchased a stolen API key from IntelBroker. The transaction was conducted via a cryptocurrency address that investigators traced to a Ramp account registered under Kai West’s driver’s license. Further digital footprints led to a Coinbase account linked to the same email and the alias “Kyle Northern”—one of West’s known alter egos. This email account contained billing records, university correspondence, and a photograph of his driver’s license, conclusively confirming his identity.

    U.S. authorities have brought four charges against West: conspiracy to commit computer intrusions, wire fraud, conspiracy to commit wire fraud, and unauthorized access to protected computer systems. Three of these charges carry maximum penalties of up to 25 years in prison.

    According to the U.S. Department of Justice, IntelBroker’s activities have inflicted over $25 million in damages, affecting dozens of organizations and individuals across the globe. U.S. officials have requested West’s extradition, following his arrest by French law enforcement in February 2025.

    In parallel, French media reported a series of coordinated arrests this week, as police detained four suspected operators of BreachForums. IntelBroker himself had previously served as an administrator of the forum but stepped down from the role in January of this year.

    Among IntelBroker’s most infamous breaches was the attack on DC Health Link, which triggered congressional hearings after the personal data of House members and staff was exposed. Another high-profile case linked to him was the breach of General Electric, during which sensitive DARPA military project data—including SQL databases, technical documents, and strategic reports—was exfiltrated.

  • Europol Confirms Breach of Expert Platform, Data Exposure Limited

    The malicious actor known as IntelBroker claims to have stolen confidential documents from Europol’s Europol Platform for Experts (EPE).

    Europol has confirmed the breach of the EPE portal, designed for knowledge and methodology exchange among law enforcement experts. Europol noted that the breach affected only a “closed group of users” of the EPE and did not compromise the agency’s core systems or operational data.

    Currently, the EPE site is non-functional, displaying a maintenance message. Meanwhile, IntelBroker, responsible for the data leak, stated that he has access to information about alliance personnel, intelligence data, source code, and various FOUO documents of the EC3 SPACE platform, which serves over 6,000 accredited cybercrime experts worldwide.

    IntelBroker also claimed access to the SIRIUS platform, used by judicial and law enforcement authorities from 47 countries, including EU member states, the UK, and countries with cooperation agreements with Eurojust and the European Public Prosecutor’s Office. SIRIUS is used to access cross-border electronic evidence in criminal investigations.

    IntelBroker published screenshots of the EPE interface and a small sample from the EC3 SPACE database, allegedly containing the personal data of 9,128 law enforcement officers and cybercrime experts. In a forum post, the hacker indicated he is waiting for price offers in Monero (XMR) cryptocurrency and that he sells data “only to verified members.”

    Since his emergence in the hacker community in October 2022, IntelBroker has gained notoriety for selling data from the U.S. government and military and for hacking the insurance company DC Health Link, a breach that led to Congressional hearings after he disclosed the personal data of members and staff of the U.S. House of Representatives.

    Another notable incident involving IntelBroker was the breach of General Electric, during which he stole information about DARPA military projects, including SQL files, technical documents, and strategic reports. Other victims include Facebook Marketplace and Los Angeles International Airport (LAX).

  • Cybersecurity Firm Hacked: Sensitive Data on Sale

    Recently, reports have emerged about a significant cyber incident. A hacker, known by the alias “IntelBroker,” claims to have breached the systems of one of the world’s leading cybersecurity companies, which boasts an annual revenue of $1.8 billion.

    IntelBroker posted an offer on the notorious cybercriminal forum BreachForums, proposing to sell access to sensitive data and systems of the affected company for $20,000 in the cryptocurrency Monero (XMR). The name of the afflicted company has not been disclosed by the hacker, presumably to prevent it from implementing protective measures before the data is sold.

    Among the stolen information, according to the hacker, are SSL keys, access to the Simple Mail Transfer Protocol (SMTP), confidential logs containing credentials, and access to Pointer Auth Authentication, which may pertain to ARM Pointer authentication.

    The hacker has stated that additional details will be provided only after contact with potential buyers and has agreed to use an intermediary or escrow service for the transaction. Furthermore, IntelBroker requires buyers to verify their funds and limits sales exclusively to highly reputable members of the forum.

    Since first appearing in the hacking community in October 2022, IntelBroker has been involved in several high-profile data breaches, including those affecting DC Health Link, General Electric, Hewlett Packard Enterprise, Los Angeles International Airport, and the American contracting company Acuity. Consequently, the cybercriminal has gained a somewhat positive reputation on hacking forums, lending some credence to his claims.

    The incident highlights the potential vulnerability of even the most secure cybersecurity systems. If the breach is confirmed, the implications could be significant not only for the company involved but also for its clients and the cybersecurity industry as a whole.

    Zscaler, which seemingly fits the description provided by IntelBroker, has already initiated an investigation to determine if its systems have been compromised. According to the company’s security updates page, preliminary findings revealed an isolated environment on one of its servers, which “was not hosted on Zscaler infrastructure and had no connectivity to Zscaler’s environments” but was nonetheless accessible from the internet. “The test environment was taken offline for forensic analysis.”

    As of the morning of May 9th, the company assures its clients that there has been no impact on its customers, production, or corporate environments. Nevertheless, Zscaler has engaged an external incident response organization to conduct an independent investigation.

    It remains unclear whether IntelBroker was indeed referring to Zscaler when announcing the sale of access, or if it is merely a coincidence that the company discovered “an isolated test environment on a single server (without any customer data) which was exposed to the internet.” More dramatic developments related to this story are likely to emerge, and we will certainly report on them.

  • HPE Credentials Reportedly Stolen and Sold on Dark Web

    Hewlett Packard Enterprise (HPE) is investigating a potential breach following online claims regarding the sale of stolen HPE credentials and other confidential company information.

    The HPE investigation revealed that the data was sourced from a “test environment.” The company has found no evidence of compromise within any HPE production environments or customer information, nor have there been any ransom demands.

    The perpetrator, known by the alias IntelBroker, who listed the purportedly stolen HPE data for sale, shared screenshots of some credentials but did not disclose the source of the information or the method of acquisition.

    [Image: IntelBroker selling allegedly stolen HPE credentials (BleepingComputer)]

    More specifically, the data encompasses access to CI/CD, system logs, configuration files, access tokens, HPE StoreOnce files (serial numbers, warranties, etc.), and passwords, including those for email services.

    IntelBroker is most notorious for hacking the insurance company DC Health Link, which led to Congressional hearings after the personal data of members and staff of the U.S. House of Representatives was disclosed. Another incident involving IntelBroker was a breach of General Electric, during which the hacker stole information on military projects from the agency DARPA, including SQL files, technical documents, and strategic reports.