“We regularly see attempted attacks and rumors circulating, but it is crucial to rely only on official communications from Zscaler itself to get factual updates and information,” the employee had said.

The rumors started after the notorious Serbian threat actor named IntelBroker offered to sell access to a cybersecurity company with a revenue of $1.8 billion.

IntelBroker likely breached Zscaler

High profile hacker IntelBroker, in a dark web post on May 8, claimed the breach offering to sell access to “Confidential and highly critical logs packed with credentials, SMTP Access, PAuth Pointer Auth Access, SSL Passkeys & SSL Certificates.”

Immediately after IntelBroker posted claims of breach, connections were made to Zscaler as the company lists on ZoomInfo with a revenue of $1.8 billion.

Furthermore, a Mastodon user @DarkWebInformer had also confirmed that “Zscaler has been breached,” linking the attack to the IntelBroker claim. Cybersecurity news platform BleepingCoumputer also said it had seen a screenshot of the threat actor claiming it was Zscaler in the Breach Forums shoutbox.

Breach Forums is a revived version of the cybercrime site Raid Forums that IntelBroker and the threat group the actor affiliates to (CyberNiggers) use. IntelBroker is a prominent member of the group, specializing in initial access brokering, identifying and exploiting weaknesses in systems, and selling compromised access on the dark web. The hacker recently breached Space-Eyes, a geospatial intelligence firm, catering exclusively to the US government agencies. Previously, the threat actor has been linked to the breaches of the Colonial Pipeline, US Federal contractor Acuity, and General Electric.