General Electric Investigates Possible DARPA Breach

General Electric is investigating claims that a threat actor broke into the company’s development environment in a cyber attack and leaked confidential, DARPA data. 

A prolific hacker that goes by the name of IntelBroker claimed to have breached the manufacturing and technology giant earlier this month, attempting to sell the company’s “development and software pipelines” and DARPA data for $500 on a dark-web hacking forum. 

When they couldn’t sell the data, the hacker posted again that they were selling both the network access and the alleged stolen data.

As proof of the supposed breach, the IntelBroker shared screenshots of what they claim is confidential General Electric data. This screenshot, which has since been shared on X, includes a database from GE Aviation that appears to contain information on military projects.

"I previously listed the access to General Electrics, however, no serious buyers have actually responded to me or followed up. I am now selling the entire thing here separately, including access (SSH, SVN etc)," reads the second post by IntelBroker. 

"Data includes a lot of DARPA-related military information, files, SQL files, documents etc."

Possible Data Breach

Following reports of the breach, General Electric confirmed they were aware of the hacker's claims and were investigating the alleged data theft. 

"We are aware of claims made by a bad actor regarding GE data and are investigating these claims. We will take appropriate measures to help protect the integrity of our systems," a General Electric Spokesperson told BleepingComputer.

Although General Electric is yet to confirm the breach, IntelBroker is associated with several previous, high-profile cyber attacks where data was successfully stolen. 

General Electric alleged data was put up for auction by IntelBroker last night.@generalelectric pic.twitter.com/akl4PQxHSP

— Dominic Alvieri (@AlvieriD) November 24, 2023

The threat actor has a history of leaking data from large corporations, including the US Immigration Service, Autotrader, Volvo, Hilton Hotels, Verizon, and AT&T. Law enforcement became more aware of these breaches and data dumps in succession.

It’s also not the first time General Electric has been successfully infiltrated by threat actors. In 2020, an attack on a third-party provider, Canon Business Process Services, led to the industrial giant being forced to notify the authorities after employee data was successfully breached.

“IntelBroker has already been responsible for a handful of high-profile attacks, with a reputable ability to steal very sensitive information. This attack will not only have a negative impact on the company itself but could have substantial implications for the current sensitive military projects the company tends to work on, which could in turn threaten U.S. national security," said Darren Williams, CEO and Founder of the cybersecurity firm BlackFog.

"Data related to the government is highly prized, so companies in collaboration with government agencies need to be reminded that they also have a responsibility to protect that data from exfiltration and malicious use."

"With the adoption and implementation of cybersecurity defences that prevent data exfiltration both in the network and through third-party suppliers, the U.S. and affiliated companies can ensure they stay one step ahead of cybercriminals," Williams added.