UPDATE [Fri, 10 May 2024 03:40:00 UTC] – Zscaler reiterates no impact or compromise to customers, production, or corporate environments. Zscaler and an independent third-party incident response firm continue to work on forensics analysis of the quarantined test environment.
Cybersecurity powerhouse Zscaler launched an investigation on Wednesday after a notorious hacker, known as IntelBroker, announced on a popular cybercrime forum that they were “selling access to one of the largest cyber security companies”. Although the hacker’s post did not explicitly name the company, they later confirmed in the forum’s shoutbox that the target was Zscaler.
IntelBroker has offered to sell “confidential and highly critical logs packed with credentials”, including SMTP access, PAuth access, and SSL passkeys and certificates, for $20,000 in crypto. The claim drew attention because of what such material would enable if it were genuine and tied to production systems: working SMTP credentials would let an attacker send mail through the company’s own relay, and certificate private keys (if that is what “SSL passkeys” refers to) would allow impersonation of its TLS endpoints. None of this had been verified at the time of the post.
Zscaler’s Initial Response and Investigation
Upon learning about the hacker’s claims, Zscaler promptly announced an investigation. A few hours later, the company said it had found no evidence that its customer or production environments had been compromised.
Update on Investigation Findings
In its latest update, Zscaler confirmed that its production, customer, and corporate environments were not impacted. The company stated, “Our investigation discovered an isolated test environment on a single server (without any customer data) which was exposed to the internet. The test environment was not hosted on Zscaler infrastructure and had no connectivity to Zscaler’s environments. The test environment was taken offline for forensic analysis.”
IntelBroker’s Recent Claims and Track Record
IntelBroker recently claimed to have stolen US State Department and other government data from the tech firm Acuity. Acuity confirmed a breach but stated that only old, non-sensitive information was compromised. IntelBroker has been making claims about obtaining US government data for more than a year. In several cases the data was confirmed to have come from third-party service providers; in others it was allegedly obtained directly from government systems. Some of the hacker’s claims have also appeared to be false or exaggerated.