BORN Group Supply Chain Breach: In-Depth Analysis of Jenkins Exploitation
Essential information
- Published
- 23/08/2024 12:23
- Modified
- 23/08/2024 13:30
- Tags
- 2024-08-23 github supply-chain
- Related entities
- 1 vulnerabilities (cve), 5 observables, 1 intrusion sets (apt), 19 techniques (mitre)
Description
This analysis examines a substantial supply chain assault on the IT service provider BORN Group. The cybercriminal Intelbroker leveraged a vulnerability (CVE-2024-23897) to breach BORN Group's infrastructure, leading to the exfiltration of sensitive information from various clients. Furthermore, Intelbroker claims to have compromised a database exposing approximately 196,000 individuals' personal details as part of this supply chain incident.