IntelBroker Claims AMD Network Breach and Sale of Stolen Internal Data
AMD said it is investigating claims that its internal network was breached after the threat actor IntelBroker advertised a large cache of alleged company data for sale on a cybercrime forum. Reported samples indicate the material may include future product details, source code, firmware, internal communications, financial records, customer databases, and employee information, raising concerns over intellectual property exposure, corporate espionage, and privacy risks. AMD said it is working with law enforcement and a third-party hosting partner to determine whether the data is authentic and to assess the scope and impact of the incident.
The AMD claims fit a broader pattern of high-profile extortion and data-theft allegations tied to forum-based actors, including earlier reports in which attackers claimed to possess sensitive files from major organizations such as GE and even purported DARPA-related material, though some of those assertions remained unconfirmed. In AMD's case, public reporting indicates the stolen dataset was promoted on the dark web and may contain strategically valuable engineering and business information, making the incident significant even before full verification is complete.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
AMD confirms investigation and engages law enforcement
AMD said it was investigating the breach claims and working with law enforcement and a third-party hosting partner to assess the incident and the significance of the allegedly stolen data. The company acknowledged the reports but did not confirm the full scope of any compromise.
IntelBroker advertises alleged AMD data breach on BreachForums
IntelBroker publicly claimed to have breached AMD's internal network and offered allegedly stolen data for sale on a cybercrime forum. The advertised material reportedly included future product details, source code, firmware, internal communications, financial records, customer databases, and employee information.
IntelBroker claims theft of GE data including DARPA-related files
A threat actor identified as IntelBroker claimed to have stolen data from GE and advertised the material online, including alleged DARPA-related files. The theft remained unconfirmed at the time of reporting.
Sources
3 references tracked. Mallory keeps watching after this page renders.
AMD working with law enforcement after reports of massive data breach - hack may have uncovered future product details | Tom's Hardware
tomshardware.com
Open sourceIntelbroker Advertises Massive AMD Data Breach On Dark Web
thecyberexpress.com
Open sourceThreat Actor Claims to Have Stolen DARPA Files From GE, Data Theft Remains Unconfirmed - CPO Magazine
cpomagazine.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
IntelBroker Claims Apple Source Code Exposure Involving Internal SSO and Atlassian Plugins
Threat actor **IntelBroker** claimed to have breached Apple and posted code on BreachForums tied to three internal tools: `AppleConnect-SSO`, `Apple-HWE-Confluence-Advanced`, and `AppleMacroPlugin`. Reporting said the exposed material appeared related to Apple’s internal authentication and workflow environment, including integrations for Atlassian Jira and Confluence, raising concern that the leak could reveal sensitive implementation details useful for follow-on attacks. Apple had not confirmed a breach at the time of reporting, and major outlets had not independently verified the claim. Independent analysis cited in coverage said the leak did **not** appear to contain the full source code for the named internal tools, but rather proprietary plugins and configuration data used to connect Apple authentication systems to internal collaboration platforms. That assessment said the exposure could still create meaningful enterprise security risk by disclosing internal architecture and access-related details, while indicating that Apple customer products and services were not affected. The claim emerged shortly after IntelBroker also alleged a breach of AMD, and later reporting noted Cisco was also claimed as a victim by the same actor.
May 25, 2026
AMD Draws Criticism After Denying Bounty for Auto-Updater MITM RCE Flaw
AMD fixed a **critical remote code execution** weakness in its auto-updater software after researcher Paul reported that downloads were being fetched over insecure HTTP, creating a man-in-the-middle path to deliver malicious code. The company took **124 days** to ship a fix because multiple tools required coordinated updates, and the researcher later confirmed the software now retrieves drivers more securely. Reporting also noted lingering concerns about implementation details, including continued reliance on `CRC32` for file validation, and claims from a Reddit user that the vulnerable updater path may not have been actively used, potentially requiring users to download a fresh version of AMD’s software to receive the remediation. The dispute escalated after AMD allegedly refused to pay an expected **$10,000** bug bounty, arguing that man-in-the-middle attacks were outside the scope of its program despite earlier indications that it would issue a CVE, credit the researcher, and address the flaw. Security community criticism intensified further after AMD was reported to have changed its disclosure and bounty rules to require non-disclosure even for findings deemed out of scope, a move critics said could discourage transparency and weaken incentives for independent vulnerability research.
Jun 16, 2026
Speculative-Execution CPU Flaws Exposed Data Across Intel, AMD, and ARM Systems
Researchers disclosed the **Meltdown** and **Spectre** hardware flaws, showing that speculative execution in modern processors could let attackers read sensitive data across security boundaries on affected devices. Reuters reported that **Meltdown** primarily affected Intel processors by breaking memory isolation, while **Spectre** impacted Intel, AMD, and ARM chips by tricking applications into leaking secrets such as passwords and other protected data. CERT/CC later summarized the broader issue as cache side-channel attacks against CPU hardware using speculative execution, underscoring that the weakness was architectural rather than limited to a single product line. Major vendors and cloud providers moved to contain the fallout with software, firmware, and microcode mitigations, including Microsoft Azure protections for hosted customers and public advisories from manufacturers such as Huawei. Subsequent research showed the problem persisted beyond the initial disclosures: the **ZombieLoad** attacks demonstrated additional Intel data-leakage paths tied to speculative execution, and a later **TSX Asynchronous Abort (TAA)** variant affected some processors previously thought to be resistant. Intel issued microcode updates, but researchers and vendors warned that mitigations reduced rather than eliminated risk, that exploitation generally required local code execution, and that fully disabling the underlying CPU behavior would carry significant performance costs.
May 25, 2026