Feds probe massive alleged classified US govt data theft and leak

Uncle Sam is investigating claims that some miscreant stole and leaked classified information from the Pentagon and other national security agencies.

The US Department of State "is aware of claims that a cyber incident has occurred and is currently investigating," a spokesperson told The Register.

"The department takes seriously its responsibility to safeguard its information and continuously takes steps to improve the department's cybersecurity posture. For security reasons, we will not provide details on the nature and scope of the claim."

A netizen who goes by IntelBroker took credit for the cyber-heist, and on Tuesday appeared to dump at least a sample of the alleged stolen data on the dark web. 

The leak, spotted by Dark Web Informer, allegedly consists of a treasure trove of contact info for government and military officials – including names, email addresses, and office and personal cell phone numbers belonging to Pentagon and government employees – plus classified and confidential communications and documents shared between the Five Eyes' intelligence agencies and other US allies.

IntelBroker bragged about the leak on Twitter, sorry, X, before being booted from the social network — and said they obtained the records after breaking into the IT environment of Acuity, a Virginia-based consulting firm that works with the US government and national security organizations.

Acuity did not respond to The Register's request for comment. We will update this story if and when we receive a response.

The intrusion may have happened last month: At the time, the same miscreant claimed to have stolen sensitive information, via Acuity, belonging to US Immigration and Customs Enforcement (aka ICE) and US Citizenship and Immigration Services, including personal details about 100,000 folks plus email addresses and plain-text passwords.

IntelBroker bragged they used a zero-day bug in GitHub to access Acuity's tokens and snatch the government data.

This follows an earlier theft of State Department data also involving Microsoft, which owns GitHub.

In that case, in June 2023, Chinese government snoops, known as Storm-0558, compromised Microsoft keys and breached the IT giant's Exchange Online hosted email service to steal some 60,000 emails from the department, plus a list of all its employees' email addresses. ®
