General Electric and the Defense Advanced Research Projects Agency (DARPA) have reportedly been breached, according to claims on the Dark Web that the organizations' highly sensitive stolen data is up for sale.
A screen capture from the Dark Web ad shows a threat actor named IntelBroker selling access credentials, DARPA-related military information, SQL files, and more.
GE confirmed to Dark Reading that it knows of the stolen data being offered for sale and that it is investigating the issue.
"We are aware of claims made by a bad actor regarding GE data and are investigating these claims," according to a GE spokesperson. "We will take appropriate measures to help protect the integrity of our systems."
GE, DARPA Data at Stake
GE and DARPA have been coordinating on a number of cutting-edge research initiatives over the years that could be attractive targets for cyberattacks, according to Rosa Smothers, a former CIA cyber threat analyst and current KnowBe4 vice president.
"DARPA has been collaborating with GE on various projects over the years — for example, non-drug treatments for diabetes and the development of mobile systems for creating DNA and RNA-based vaccines," Smothers says. "One collaboration of particular interest is the MIND [Monitoring & Inspection Device] project, which aims to improve the network security of crucial information systems. Perhaps ironically, this particular venture was initiated in response to an increased number of security breaches."
Contrast Security's Tom Kellermann says that DARPA's data stores, worryingly, also include classified information on weapons programs, as well as artificial intelligence (AI) research.
Follow-on Attacks on Federal Agencies?
Beyond classified information falling into adversaries' hands, experts have expressed worry about follow-on cyberattacks being launched with stolen GE credentials.
"I am very concerned that GE's environment is being used to conduct island hopping into federal agencies," Kellermann said, in a statement. "IntelBroker is notorious for selling access to compromised systems. I would assume the Chinese and Russians are already in."
IntelBroker has already pulled off a number of high-profile cyberattacks and should be considered a serious threat, particularly by government agencies, according to Darren Williams, CEO and founder of BlackFog.
"Data related to the government is highly prized, so companies in collaboration with government agencies need to be reminded that they also have a responsibility to protect that data from exfiltration and malicious use," Williams said, in a statement.
Making matters more dangerous, the threat actors claimed they accessed GE's development environment.
"Since the breach occurred in the development environment, runtime security must be immediately implemented in conjunction with expansive threat hunting to identify the backdoor," Kellermann added. "This breach has serious national security implications."