Threat actor claims to have stolen classified Five Eyes data

esteria.white

A known threat actor has leaked classified documents from the U.S. government and its allies online that they believe were stolen from a government IT contractor.

IntelBroker took credit for the breach, alongside Sanggiero and EnergyWeaponUser, according to a screenshot posted to X (formerly Twitter) by security researchers HackManac.

“Today I am releasing documents belonging to the Five Eyes Intelligence Group,” the message said. “The data was obtained by hacking Acuity Inc, a company that works directly with the US government and its allies.”

Acuity is a Virginia-based federal technology consulting firm that claims to have “deep expertise” in areas such as IT modernization, DevSecOps, cybersecurity, data analytics and operational support.


According to a post on an underground cybercrime forum, the threat actors said the classified information includes full names, government and military email addresses, work and home phone numbers, and “classified information and communications between the Five Eyes, the 14 Eyes and the allies of the United States.”

There is good reason to suspect that IntelBroker’s claims are legitimate, with the actor linked to a series of high-profile successful breaches in the past.

In March 2023, they obtained personal data on 170,000 people including members of the United States House of Representatives, after compromising the DC Health Link health insurance marketplace, which is managed by the DC Health Benefit Exchange Authority (HBX).

In November of that year, they put up for sale sensitive information allegedly stolen from industrial giant and US government contractor General Electric.

“The data includes a lot of military information, files, SQL files, documents, etc. linked to DARPA,” they said at the time.

Threat intelligence specialist Dark Web Informer claimed on X that IntelBroker made the breach fully available in unredacted form on its X account. However, that account was quickly suspended by the social media company, at least indicating the seriousness of the allegations.
