Three Apple internal tools allegedly stolen following June server breach

Servers in a data center

Apple prides itself on being security-focused and being willing to defend the privacy of customers. However, it is claimed that it was the victim of a breach earlier in June.

In a post by DarkWebInformer on X, the threat actor IntelBroker has allegedly leaked code from Apple. Posted to a hacker forum, it is alleged that the post contains the "internal source code" to three of Apple's "commonly used tools" for internal purposes.

The three tools are identified as AppleConnect-SSO, Apple-HWE-Confluence-Advanced, and AppleMacroPlugin.

Of the three tools, the first is to allow employees to authenticate and access other applications used on Apple's internal network. However, it is a deprecated tool, and has been for a few years.

Apple-HWE-Confluence-Advanced is a similar tool that has been deprecated, while also requiring employee authentication. However, little is known about either it or AppleMacroPlugin's range of capabilities.

The forum post by IntelBroker offers no other real details, nor motives for the shared apps. Usually in major breaches, there are offers to sell data, which could include source code, but that doesn't appear to be the case here.

AppleInsider has contacted Apple for clarification.

The claimed breach arrives shortly after IntelBroker made other claims about AMD, including selling data supposedly pulled from an AMD breach from June. In that case, the data trove allegedly contained information about future AMD products, employee and customer databases, and finance information.

AMD has started to investigate whether the attack actually took place.