General Electric Investigates Alleged DARPA Breach

Written by

A prolific threat actor has been spotted on the dark web selling what they claim to be sensitive information stolen from General Electric.

General Electric (GE) is one of America’s best-known multinationals, having been founded over 100 years ago by Thomas Edison. It now has a portfolio ranging from aerospace to renewable energy.

However, according to screenshots posted on X (formerly Twitter), a threat actor known as IntelBroker is selling data stolen from the company on a popular dark web marketplace.

“I previously listed the access to General Electrics, however, no serious buyers have actually responded to me or followed up. I am now selling the entire thing here separately, including access (SSH, SVN etc),” the listing reads. “Data includes a lot of DARPA-related military information, files, SQL files, documents etc.”

Read more on GE breaches: GE Engineer Charged for Novel Data Theft

The malicious actor also shared screenshots of some of the data by way of proof, although Infosecurity was unable to determine their authenticity.

However, IntelBroker has a history of successful high-profile breaches to their name. In March this year, they obtained personal data on 170,000 individuals after compromising health insurance marketplace DC Health Link, which is managed by the DC Health Benefit Exchange Authority (HBX).

GE is believed to be investigating the reports. Infosecurity has contacted the company for an updated statement on its progress.

This isn’t the first time GE has been targeted by data thieves. In 2020, the industrial giant notified the authorities about a breach of employee data that occurred via a third-party provider, Canon Business Process Services.

Earlier this year a former employee at GE Power’s Schenectady plant, Xiaoqing Zheng, was sentenced yesterday to 24 months behind bars for his part in a conspiracy to steal aviation trade secrets and send them to China.  

Image credit: Jonathan Weiss / Shutterstock.com

What’s hot on Infosecurity Magazine?