Threat actor claims to have breached Apple, allegedly stealing source code of several internal tools

Notorious threat actor IntelBroker, who previously claimed responsibility for other high-profile data breaches, including those of U.S. government systems in April, allegedly leaked the source code of several internal tools used at Apple via a post on a dark web forum.

According to the post by IntelBroker, Apple suffered a data breach this month, presumably at their hands, that led to the exposure. The threat actor claims to have obtained source code for the following internal tools:

• AppleConnect-SSO
• Apple-HWE-Confluence-Advanced
• AppleMacroPlugin

While little is known about Apple-HWE-Confluence-Advanced and AppleMacroPlugin, AppleConnect-SSO is an authentication system that allows employees to access specific applications within Apple’s network. The system is integrated with the company’s Directory Services database, which ensures secure access to internal resources.

On iOS, employee-only applications can use AppleConnect-SSO as a gesture-based login system where a user sets up a pattern instead of a passcode for ease. AppleConnect is known to have been implemented into the Concierge app, used by Apple Store employees, and in SwitchBoard before its discontinuation in 2021. Apart from that, it’s unclear how widely used the tool is.

IntelBroker post on BreachForums dark web message forum. Screenshot via HackManac on X.

IntelBroker did not provide any further details in the post. It appears that the data could be for sale, though it is unclear. Nonetheless, it is important to emphasize that this alleged breach is localized internally and has no apparent impact on Apple customer data.

A source familiar with the matter told 9to5Mac that a majority of dark web forums try and uphold a strong vetting process to weed out scammers who want to sell “leaked data” that they do not possess, but IntelBroker has a growing reputation.

The cybercriminal is known for breaches on large organizations such as AMD (posted just yesterday and currently under investigation), Zscaler, General Electric, AT&T, Home Depot, Barclays Bank, and government agencies such as Europol and the U.S. State Department.

We’ve reached out to Apple for comment and will update if we hear back.

Follow Arin: Twitter/X, LinkedIn, Threads