An extortionist claims to have stolen files from the US Army Aviation and Missile Command in August 2023, and now claims they are selling access to a $75 billion aerospace and defense company.

US Army Aviation and Missile Command (AMCOM) develops and maintains the Army's aviation, missile and drone capabilities

According to the criminal(s), who has been especially active lately and goes by the moniker IntelBroker - and it's important to keep in mind that crims aren't necessarily the most trustworthy folks - the AMCOM data dump includes maintenance tasks, PDFs, png files and some .txt files.

A spokesperson for the US Army didn't immediately respond to The Register's inquiries.

Hackmanac, an infosec firm that scours the dark web, spotted IntelBroker's alleged AMCOM leak. But added: "The confirmation or denial of these claims has yet to be verified."

Shortly afterwards the same individual or crew put up for sale what it alleges is data stolen from a $75 billion US aerospace and defense contractor. The compromised data, according to the leak site, includes a ton of code, including source software, swiped from the defense company's CI/CD pipeline, Bitbucket, Github and Apache SVN repositories.

The listing, spotted and shared via social media by Dark Web Informer, went up on Wednesday, with IntelBroker asking would-be buyers to "Message me offers. XMR only."

This particular miscreant has been especially active in recent months targeting law enforcement and government agencies.

On Monday, Europol confirmed that it is investigating IntelBroker's claims about stealing confidential data from the Europol Platform for Experts user group.

"No core systems of Europol are affected and therefore, no operational data from Europol has been compromised," a spokesperson told The Register. 

The crook also bragged about stealing data belonging to the Pentagon and other national security agencies last month.

Also in April, Home Depot confirmed that one of its third-party vendors accidentally exposed some of its employees' personal details after IntelBroker purportedly shared the info on BreachForums, a site currently taken down by the Feds. 

At the time, the thief claimed to have posted a Home Depot database containing corporate information belonging to 10,000 employees from an April attack. ®

https://www.theregister.com//2024/05/15/us_army_contractor_data_loss/