The agency said core operations remain unaffected even as IntelBroker claimed to possess classified law enforcement data.

The EU’s law enforcement agency, Europol, has fallen victim to a data breach compromising sensitive, classified data on one of its web platforms, the Europol Platform for Experts (EPE). According to a Europol statement to BleepingComputer, the breach affects a small group of individuals on the EPE portal and is being proactively looked into.

“Europol is aware of the incident and is assessing the situation. Initial actions have already been taken. The incident concerns a Europol Platform for Expert (EPE) closed user group,” Europol said.

The confirmation comes after IntelBroker, a threat actor within the “Cyberniggers” hacker group, claimed on the dark web to possess stolen “For Office Use Only” (FOUO) documents from Europol containing classified data.

Core operations remain unaffected

In its statement, Europol gave assurances that no operational data has been breached, as the compromised portal does not hold any system-critical data. The EPE website, however, is presently offline and is displaying a maintenance notification to visitors.

“No operational information is processed on this EPE application,” the agency said. “No core systems of Europol are affected and therefore, no operational data from Europol has been compromised.”

The breach has brought back into focus an earlier Europol security incident reported in March, which involved the disappearance of physical personal records belonging to Catherine De Bolle, Europol’s executive director, and other senior officials before September 2023. Despite the agency’s assurances of minimal impact, questions are being raised about the security of data even within high-profile government agencies like Europol.

“This incident shows hackers are few steps ahead even from Government and law enforcement sites,” said Pareekh Jain, chief analyst at Pareekh Consulting. “These law enforcement agencies need to up their security preparation with more collaboration from security tech companies, more ethical hacking, penetration testing, and bug bounties. Also, a collaboration between different state agencies like in the US, Europe, and Asia is required to keep these sophisticated hackers in check.”

Massive classified data compromise

IntelBroker described the breached data as containing classified information from within the FOUO section, including information on alliance employees, FOUO source code, PDFs, and documents for recon and guidelines.

Additionally, the threat actor claimed to have gained access to EC3 SPACE (Secure Platform for Accredited Cybercrime Experts), an EPE portal community with “hundreds of cybercrime-related materials” used by over 6,000 authorized cybercrime experts from around the world. The experts’ community includes law enforcement from EU Member States’ competent authorities as well as non-EU countries, judicial authorities, academic institutes, private companies, non-governmental and international organizations, and Europol staff.

“PRICING: Send offers. XMR ONLY. Message me on the forums for a point of contact,” IntelBroker posted on BreachForums. “Proof of funds is required. I am only selling to reputable members,” the threat actor said in a Friday post on a hacking forum.

The threat actor’s post also boasted of a compromise of the SIRIUS platform, an access portal to cross-border electronic evidence in criminal investigations, used by European law enforcement authorities.

The incident marks IntelBroker’s second high-profile hack within a week, the first being a critical Zscaler breach reported on May 8.