GE Aerospace Cyber-Attack
IntelBroker claims to have breached GE Aerospace’s development environment, potentially exposing sensitive DARPA-related data.
Sensitive Data at Risk
The alleged stolen data includes DARPA project files, SQL files, and other critical documents from GE Aviation.
GE Investigates Breach Claims
GE Aerospace is investigating IntelBroker’s claims and taking measures to protect its systems and data integrity.
by Kevin Wood
GE Aerospace Investigates Alleged Cyber-Attack by IntelBroker
General Electric & co reeling
General Electric (GE) Aerospace is currently investigating claims of a significant cyber-attack allegedly perpetrated by a threat actor known as IntelBroker. The attack, which reportedly targeted GE’s development environment, has raised substantial concerns due to the potential compromise of sensitive DARPA-related military information.
Overview of GE Aerospace
GE Aerospace, a division of General Electric, is a leading provider of jet engines, components, and integrated systems for commercial, military, business, and general aviation aircraft. The company plays a critical role in national defense and aviation innovation, making it a prime target for cyber threats.
Details of the Cyber-Attack
- Date Reported: May 20, 2024
- Threat Actor: IntelBroker
- Nature of the Attack: IntelBroker claimed to have breached GE’s development and software pipelines and attempted to sell access on a hacking forum for $500. When there were no takers, the hacker offered what was claimed to be stolen data, including military-related files.
IntelBroker shared screenshots as proof of the breach, showing databases from GE Aviation that appear to contain information on military projects. This information, if verified, could have serious implications for national security.
IntelBroker’s Background
IntelBroker is a well-known hacker with a history of high-profile cyberattacks. Previous incidents include:
- Weee! Grocery Chain: Breach exposed personal information of over one million customers.
- D.C. Health Link Program: Breach exposed contact information and Social Security numbers of some members of Congress.
- Other Targets: IntelBroker has also claimed breaches of Volvo, Dr. Martens, and The Body Shop, involving data theft.
Claims of Stolen Data
The data allegedly stolen by IntelBroker includes:
- DARPA-Related Information: Sensitive files related to the U.S. Defense Advanced Research Projects Agency (DARPA) projects.
- SQL Files and Documents: Data from GE Aviation’s databases, potentially containing classified information.
GE’s Response
GE has acknowledged the claims and is actively investigating the alleged breach. A spokesperson for GE stated, “We are aware of claims made by a bad actor regarding GE data and are investigating these claims. We will take appropriate measures to help protect the integrity of our systems.”
The company has not yet confirmed the breach but has emphasized its commitment to securing its systems and protecting sensitive information.
Impact and Implications
The potential breach of DARPA-related information is significant due to the national security implications. If the claims are verified, the breach could represent a substantial risk to U.S. military projects and highlight vulnerabilities in GE’s cybersecurity defenses.
Expert Opinions
Cybersecurity experts have weighed in on the severity of the alleged breach:
- Senior Security Analyst at Proofpoint: “This vulnerability underscores the critical need for organizations to continuously update and monitor their security protocols. The rapid exploitation of zero-day vulnerabilities can have catastrophic consequences if not addressed promptly.”
- Cybersecurity Consultant at SANS Institute: “Organizations must adopt a proactive security posture, including regular vulnerability assessments and incident response planning. This incident highlights the importance of a multi-layered defense strategy to protect against sophisticated cyber threats.”
Broader Implications for Cybersecurity
This incident serves as a wake-up call for IT administrators and cybersecurity professionals to reassess their security postures and defense mechanisms. The broader implications extend beyond immediate operational disruptions and data breaches, touching on areas such as regulatory compliance, risk management, and corporate governance.
Regulatory and Compliance Concerns: Organizations in sectors such as healthcare, finance, and government are bound by stringent data protection regulations like GDPR, HIPAA, and CCPA. A breach of sensitive information in an incident like this could result in severe penalties and legal consequences. Ensuring compliance with these regulations requires robust security practices and timely patch management.
Risk Management: The incident underscores the importance of incorporating cybersecurity into overall risk management frameworks. Organizations must identify critical assets, assess potential vulnerabilities, and implement appropriate controls to mitigate risks. Regular penetration testing, vulnerability scanning, and security audits are essential practices to identify and address weaknesses before they can be exploited by attackers.
Corporate Governance: Cybersecurity is a board-level issue, and incidents like this highlight the need for executive involvement in cybersecurity strategies. Boards and executive teams must ensure that sufficient resources are allocated to cybersecurity, and that comprehensive incident response plans are in place. Regular updates and briefings from cybersecurity teams can help in making informed decisions and taking timely actions.
Conclusion
The alleged breach of GE Aerospace by IntelBroker is a stark reminder of the ever-present threats in the cybersecurity landscape. As GE Aerospace investigates the claims, the incident underscores the importance of maintaining robust security protocols, staying informed about emerging threats, and being prepared to respond to incidents swiftly.
Organizations are encouraged to take immediate action by applying temporary fixes, enhancing security monitoring, and preparing for any potential vulnerabilities. By adopting a proactive approach to cybersecurity, organizations can better protect their critical assets and ensure operational resilience in the face of evolving cyber threats.
For continuous updates and detailed information on the alleged GE Aerospace breach and recommended mitigation strategies, organizations should refer to official security advisories and collaborate with trusted cybersecurity experts.
Understanding the Threat
The alleged cyber-attack on GE Aerospace highlights significant vulnerabilities in cybersecurity. Here’s how BBG can help mitigate these threats:
- Sensitive Data Exposure: IntelBroker claims to have stolen sensitive DARPA-related data.
  - BBG Solution: Implement Infrascale’s disaster recovery and backup solutions to ensure data integrity and quick recovery in case of breaches.
- Development Environment Breach: IntelBroker claims to have gained access to GE’s development and software pipelines.
  - BBG Solution: Use Island’s secure enterprise web browsing solutions to protect development environments and secure communications.
- Early Threat Detection: Early detection and rapid response are critical to mitigating cyber threats.
  - BBG Solution: Vectra AI provides advanced threat detection and response capabilities, identifying and mitigating threats before they cause significant damage.
- Proactive Security Measures: Strengthening security postures to prevent future attacks.
  - BBG Solution: Leverage LinkOne’s data analytics by Demand Local for comprehensive threat analysis and enhanced security strategies.