U.S. chipmaker Intel suffered a data breach in which classified and confidential documents have been uploaded to a public file sharing service.
The cache of secret information which came from an unknown source is 20GB large and is considered to be the first part of a multi-part series of Intel-related leaks.
The data was published by Till Kottmann, a Swiss software engineer, who received the documents from an anonymous hacker who claimed that the information was stolen from Intel in a breach this year.
Some of the files in the leaked files include technical specifications related to internal chipset design. The files contained technical specs, product guides, and manuals for CPUs dating back to 2016.
A summary of the leaked files includes
- Intel ME Bringup guides + (flash) tooling + samples for various platforms
- Kabylake (Purley Platform) BIOS Reference Code and Sample Code + Initialization code (some of it as exported git repos with full history)
- Intel CEFDK (Consumer Electronics Firmware Development Kit (Bootloader stuff)) SOURCES
- Silicon / FSP source code packages for various platforms
- Various Intel Development and Debugging Tools
- Simics Simulation for Rocket Lake S and potentially other platforms
- Various roadmaps and other documents
- Binaries for Camera drivers Intel made for SpaceX
- Schematics, Docs, Tools + Firmware for the unreleased Tiger Lake platform
- (very horrible) Kabylake FDK training videos
- Intel Trace Hub + decoder files for various Intel ME versions
- Elkhart Lake Silicon Reference and Platform Sample Code
- Some Verilog stuff for various Xeon Platforms, unsure what it is exactly
- Debug BIOS/TXE builds for various Platforms
- Bootguard SDK (encrypted zip)
- Intel Snowridge / Snowfish Process Simulator ADK
- Various schematics
- Intel Marketing Material Templates (InDesign)
It is found that none of the leaked files contain sensitive data about Intel customers or employees. But it is not known what else the hacker had access to before stealing and releasing the confidential files.
Kottman is maintaining a repository with source code obtained by them and various sources hunting for misconfigured devops tools that allow access to resources. The repository contains data, proprietary code included, from dozens of companies (GE Appliances, Microsoft, Qualcomm, Motorola, AMD, Lenovo).
Intel stated that the data appears to be from the Intel Resource and Design Center which hosts information for use by their customers, partners and other external parties who have registered for access. They said that the leak may be from someone with access to the portal.