Redazione RHC : 31 July 2025 07:33
A user with the nickname Tsar0Byte posted a shocking announcement on DarkForums, one of the most well-known underground forums in the cybercrime world: the alleged compromise of sensitive data belonging to 96,252 Nokia employees.
In the post, published at 5:15 AM the previous day, Tsar0Byte claimed responsibility for the attack and threatened further breaches, openly referring to a “breach” and declaring that this exposure was only the beginning: the next target would be internal systems, with possible access to the source code and further confidential data.
Below is the translation of the post written by cybercriminals.
We’ve penetrated deeper than you expected.
Through a vulnerable third-party link, we accessed data linked to 94,500 Nokia employees. This isn’t just a leak. This is a structural failure.
📁 Complete internal directory
📧 Company emails
📞 Phone numbers
🧠 Roles, departments, locations
🔗 LinkedIn traces, internal references
🗂️ Internal documents and partner-side records
You remained silent. You thought it would go unnoticed.
Now the world knows how weak your foundation is. 💰 The complete package is for sale. Private buyers only. Escrow accepted. We don’t seek influence, we create impact.
According to the author, access was gained through a third-party vulnerability, which allowed the download of an archive containing detailed information on over 94,500 Nokia employees. Specifically, the package on sale would contain:
The author emphasizes that this is not a simple data dump, but a deeper compromise, which puts Nokia’s internal security structure at risk. The sale of the database would be reserved for “private buyers only” and payments would be accepted exclusively in Bitcoin (BTC) or Monero (XMR), cryptocurrencies favored in cybercrime environments.
Tsar0Byte, in the message, directly addresses Nokia, accusing it of having remained silent and underestimated the incident, threatening to release even more sensitive data if the company does not take action.
This announcement demonstrates once again how underground forums like DarkForums represent a veritable black market for the trafficking of confidential information, where personal data, vulnerabilities, and access to compromised systems are sold.
Nokia has not yet released an official statement on the incident. It remains to be seen whether this is a real compromise or a tactic to gain illicit profits by exploiting the media hype. What is certain is that the news has already attracted the attention of the cyber community and could pose a serious problem for the company and the security of its employees’ data.
Redazione