Category: Adversary Intelligence
Industry: Multiple
Motivation: Financial
Region: Global
Source*:
B - Usually Reliable
2 - Possibly true
This report investigates a significant supply chain attack targeting IT service provider BORN Group. The threat actor, Intelbroker, exploited CVE-2024-23897 to breach BORN Group's systems, exfiltrating sensitive data from multiple clients.
Additionally, Intelbroker claims to have compromised the Market database as part of this supply chain attack, exposing personal information of approximately 196,000 individuals.
Org Name: BORN Group
Domain Name: https://www.borngroup.com/
BORN Group is a global digital marketing agency that specializes in digital transformation and commerce solutions. Established in 2011, it provides a range of services including creative design, content production, and technology integration for brands across various industries. BORN Group is known for its end-to-end solutions that enhance customer experiences and drive business growth. The company operates internationally, with offices in major cities around the world.
1stwave, Bank of Ireland, BTEC, Celcom, Delta Faucet, Frontier Saw Mills, Gourmet Egypt, Hitachi, Lindt Chocolate, Nestle, Reebok, TOPCON, Unilever
The discovery of an exposed BORN Group server running vulnerable Jenkins software strengthens the hypothesis that the company was a direct target of the attack.
Intelbroker is a highly active e-crime threat actor operating since at least October 2022. Primarily motivated by financial gain, Intelbroker specializes in data breaches, extortion, and operating as an access broker within the cybercriminal underground. The actor frequently targets high-profile organizations across various sectors, including government, telecommunications, automotive, and technology.
Intelbroker employs a multi-faceted approach to compromise targets and profit from stolen data:
URLs
File Hashes (SHA256)
An in-depth analysis of the BORN Group supply chain breach, where IntelBroker exploited a Jenkins vulnerability to exfiltrate sensitive data, impacting multiple global clients.