
Threat actor IntelBroker allegedly leaks Apple’s internal tools


The notorious cybercriminal IntelBroker has claimed responsibility for leaking the source code of several internal Apple tools, including AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin.

The disclosure was made via a post on a dark web forum, raising concerns about the security of one of the world’s leading technology companies.

According to IntelBroker, the breach occurred in June 2024, exposing critical Apple tools. While specific details about Apple-HWE-Confluence-Advanced and AppleMacroPlugin remain sparse, the implications of AppleConnect-SSO being compromised are significant, reports 9to5Mac.

AppleConnect-SSO, a crucial authentication system within Apple’s infrastructure, allows employees to access various internal applications. This system is deeply integrated with Apple’s Directory Services database, ensuring secure access to internal resources.

Notably, Apple employees use this authentication system on iOS to log in using a pattern-based gesture system instead of a traditional passcode. This feature was implemented in the Concierge app for Apple Store employees and the now-discontinued SwitchBoard app.

The exact impact of the breach on Apple’s operations and security remains unclear, but the leak of such sensitive tools poses a potential risk of exploitation by other malicious actors.

The threat actor did not provide further specifics in their dark web post, leaving the cybersecurity community to speculate on the extent of the breach and the potential for the stolen data to be sold or otherwise distributed.

IntelBroker has a notorious history of targeting high-profile organisations. The threat actor has previously been linked to breaches at major corporations, including AMD, Zscaler, General Electric, AT&T, Home Depot, and Barclays Bank.

Government agencies, such as Europol and the U.S. State Department, have also reportedly been victims of IntelBroker’s exploits.

A source familiar with the dark web forums explained to 9to5Mac that while scams are a non-zero possibility, the vetting process on these platforms is stringent. IntelBroker’s growing reputation lends credibility to its claims, making it likely that the leaked data is genuine.

Although the breach did not affect customer data and was limited to Apple’s internal systems, the exposure of AppleConnect-SSO could be used by other threat actors in the future to exploit weaknesses in Apple’s infrastructure.

Recently, AMD acknowledged that its servers were indeed breached. However, the company downplayed the impact of the breach, stating that it would not have any material impact on its business operations.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me