European law enforcement agency Europol suffered a data breach that exposed highly sensitive information, including For Official Use Only (FOUO) and classified data, according to claims made by the notorious threat actor known as IntelBroker. The hacker, posting on the cybercrime forum Breach, stated that the breach occurred in May 2024 and affected several key agencies within Europol, such as the Joint Center for European Security (CCSE), EC3, the Europol Expert Platform, the Law Enforcement Form, and the SIRIUS system.

The compromised data reportedly includes Alliance employees’ information, files related to reconnaissance activities, and operational guidelines. IntelBroker’s announcement on the forum included a message to the BreachForums Community, stating, “Today, I am selling the entire data breach belonging to Europol. Thanks for reading, enjoy!” The hacker revealed that the breach resulted in the exposure of FOUO and classified data.

In addition to the Europol breach, IntelBroker recently announced the sale of access to a major cybersecurity company, identified as ZScaler. The threat actor offered to sell confidential and highly critical logs containing credentials, including SMTP access, Muth Pointer Auth access, and SSL passkeys and certificates, for a price of $20,000 in cryptocurrency. The seller emphasized that the sale was covered by escrow and would only be conducted with reputable forum members who could provide proof of funds.

The sale of access to sensitive cybersecurity information highlights the continued threat posed by malicious actors seeking to exploit vulnerabilities in organizations’ security defenses. The underground market for stolen data and unauthorized access to networks remains a lucrative enterprise for threat actors, underscoring the importance of robust cybersecurity measures and ongoing vigilance to protect against such attacks.

Europol has yet to publicly confirm the data breach claimed by IntelBroker, and it is unclear what actions the agency is taking in response to the alleged incident. As investigations into the breach continue, cybersecurity experts stress the importance of timely detection, response, and mitigation strategies to minimize the potential impact of such security incidents on organizations and their stakeholders.

In a digital landscape characterized by evolving cybersecurity threats and sophisticated tactics employed by threat actors, organizations must prioritize cybersecurity awareness, training, and proactive defense measures to safeguard against data breaches and unauthorized access to sensitive information. Collaborative efforts between public and private sector stakeholders are essential to combatting cybercrime and enhancing overall cybersecurity resilience in the face of persistent threats.

Source link