From 05f449dae388f6b08ff45600a21361798f7aea18 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 25 Jun 2024 05:17:03 -0700
Subject: [PATCH] [threat-actors] Add IntelBroker

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index c1f8780..edd2021 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16283,6 +16283,19 @@
       },
       "uuid": "46ef6903-deac-415a-afaf-97e3ce067d7e",
       "value": "HellHounds"
+    },
+    {
+      "description": "IntelBroker is a threat actor known for orchestrating high-profile data breaches targeting companies like Apple, Zscaler, and Facebook Marketplace. They have a reputation for selling access to compromised systems and data on underground forums like BreachForums. IntelBroker has claimed responsibility for breaches involving government agencies such as Europol, the U.S. Department of Transportation, and the Pentagon, leaking sensitive information and classified documents. The actor has been linked to breaches at companies like Acuity, General Electric, and Home Depot, showcasing a pattern of targeting critical infrastructure and major corporations.",
+      "meta": {
+        "refs": [
+          "https://www.cysecurity.news/2024/06/infamous-hacker-intelbroker-breaches.html",
+          "https://www.malwarebytes.com/blog/news/2024/06/was-t-mobile-compromised-by-a-zero-day-in-jira",
+          "https://securityaffairs.com/164263/cyber-crime/pandabuy-extorted-again.html",
+          "https://meterpreter.org/cybersecurity-firm-hacked-sensitive-data-on-sale/"
+        ]
+      },
+      "uuid": "849d16c8-eaa3-46e7-9c1c-179ef680922e",
+      "value": "IntelBroker"
     }
   ],
   "version": 312