Threat actor claims to have breached Apple, stealing source code for several internal tools

Notorious threat actor IntelBroker, who previously claimed responsibility for other high-profile data breaches, including those of US government systems in April, has reportedly leaked the source code of several internal tools used at Apple in a post on a dark web forum.

According to the IntelBroker post, “In June 2024, suffered a data breach,” presumably on their part, which led to this exposure. The threat actor claims to have obtained the source code for the following internal tools:

  • AppleConnect-SSO
  • Apple-HWE-Confluence-Advanced
  • AppleMacroPlugin

Although little is known about Apple-HWE-Confluence-Advanced and AppleMacroPlugin, AppleConnect-SSO is an authentication system that allows employees to access specific applications within the Apple network. The system is integrated with the company's directory services database, ensuring secure access to internal resources.

On iOS, employee-only apps can use AppleConnect-SSO as a gesture-based login system in which a user sets up a pattern instead of a password. AppleConnect is known to have been implemented in the Concierge application, used by Apple Store employees, and in Switchboard before it was discontinued in 2021. Other than that, it is unclear how widely used the tool is.

Post from IntelBroker on the BreachForums Dark Web Message Board. Screenshot via HackManac on X.

IntelBroker provided no further details in the post. It appears the data might be for sale, although it's not clear. Nonetheless, it is important to emphasize that this alleged breach is localized internally and has no apparent impact on Apple customer data.

A source close to the matter told 9to5Mac that most Dark Web forums attempt to maintain a strict vetting process to weed out scammers who want to sell “leaked data” that they don't own. Although this possibility is still non-zero, IntelBroker enjoys a growing reputation.

The cybercriminal is known for breaches of large organizations like AMD (posted yesterday and currently under investigation), Zscaler, General Electric, AT&T, Home Depot, Barclays Bank and government agencies such as Europol and the US State Department.

We've reached out to Apple for comment and will update if we receive a response.

