After being in hiatus for some time, IntelBroker, a well-known initial access broker from BreachedForums, has made a comeback. This time, the target is the United States Citizenship and Immigration Services (USCIS). IntelBroker recently contacted vx-underground, a malware repository and sharing platform, to inform them of his latest exploit: the US Immigration Data Breach.
According to a vx-underground tweet, IntelBroker claims to have discovered a publicly exposed AWS bucket that allowed him to access USCIS data.
Although the exact nature and extent of the US Immigration data breach are yet to be confirmed, IntelBroker’s history as a notorious breached data dealer has raised concerns about the potential consequences. From the screenshots shared by vx-underground population of refugees and migration details have been shared as sample.
The claim of US Immigration data Breach comes on the day the USCIS tweeted a warning about scammers posing as officials to steal personal information or money.
IntelBroker has informed us he has no intention on selling access or sharing the data,” a follow-up tweet read.
US Immigration data Breach: IntelBroker and the tribe of initial access brokers
The USCIS, which oversees immigration and naturalization services in the United States, has not yet issued a statement regarding the breach. No alerts regarding this was found on the websites or social media channels of the FBI and other law enforcement agencies.
Initial access brokers (IABs) like IntelBroker specialize in finding and selling access to compromised systems, which can then be used for various nefarious purposes, including stealing sensitive data, deploying ransomware, and conducting espionage.
“Initial Access Brokers are rapidly evolving as an essential component of cybercrime and especially the Ransomware-as-a-Service (RaaS) supply chain,” reported cybersecurity company CYFIRMA.
“IABs’ dedicated focus on the Initial Access stage of the kill chain allows them to evolve and advance their techniques and crack open doors of even well- protected large organizations.”
In recent years, such brokers have become a growing threat to organizations worldwide, as their services can be easily purchased by anyone with enough money, including nation-states, criminal groups, and hacktivists.
IntelBroker has been an active member of the BreachForums since March of 2022.
The Cyber Express has previously reported on several posts made by IntelBroker, including breaches of Autotrader, Volvo, Hilton Hotels, and AT&T.
IntelBroker, scamsters, and the USICS alert
The United States Citizenship and Immigration Services (USCIS) has tweeted a warning to the public about scammers who are posing as USCIS officials to steal personal information or money from unsuspecting victims.
SCAM ALERT: Scammers will try to steal your identity or money by claiming to know someone at USCIS who can process applications quickly.
This is a scam!
Real USCIS officials will never contact you on social media or accept money to help with your case. https://t.co/XuEZVBfONi
— USCIS (@USCIS) April 3, 2023
According to USCIS, these scammers are claiming to know someone at USCIS who can expedite their immigration applications in exchange for a fee.
The real USCIS officials will never contact citizens on social media or accept money to help with their immigration case, the immigration service warned.
USCIS advises individuals to be vigilant and report any suspicious activity to the appropriate authorities.
To avoid falling victim to these scams, USCIS recommended that individuals verify the legitimacy of any communication they receive from USCIS by checking the USCIS website or Contacting the USCIS Contact Center.
Additionally, individuals should never provide personal information or payment to anyone claiming to be a USCIS official without first verifying their identity.
