In a concerning development for the global tech community, a cybercriminal known as Tsar0Byte has claimed responsibility for breaching Nokia’s internal network. According to disclosures made on dark web forums like DarkForums, the attacker reportedly gained unauthorized access through a third-party contractor’s system, exploiting its integration with Nokia’s internal infrastructure used for tool development.
This breach is described as one of the most severe corporate data exposures Nokia has faced in recent years. The attacker claims to have stolen internal directory data of over 94,500 employees, including highly sensitive personal and professional details.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
What Was Allegedly Exposed? Internal Directory and Sensitive Logs
The threat actor released a detailed list of stolen data, which allegedly includes:
- Full names and contact details of Nokia employees
- Corporate emails, phone numbers, and job titles
- Departmental associations and LinkedIn traces
- Internal documents and logs related to external partners
- Identification numbers and corporate hierarchy maps
Cybersecurity experts warn that these assets can allow persistent access to Nokia’s systems and can fuel phishing, impersonation, and social engineering attacks on employees.
Nokia Responds: No Direct Evidence Yet, But Investigation On
Nokia’s internal cybersecurity team has acknowledged the claims and launched an investigation. While the company confirmed awareness of the breach claims, they clarified that no evidence of compromise to their primary systems has been found so far.
Despite this, Nokia continues to monitor the situation. The incident follows an earlier breach in November 2024 involving the threat actor IntelBroker, who allegedly accessed source code and credentials through another contractor — suggesting a worrying pattern in Nokia’s third-party risk posture.
Wider Implications: A Wake-Up Call on Vendor Security
This incident underscores the growing challenge of supply chain vulnerabilities, where attackers breach a major organization by targeting its contractors. It aligns with broader cybersecurity trends seen across the tech industry in 2024 and 2025, where third-party integration becomes a key weakness.
Security professionals stress the urgent need for:
- Strong vendor access audits
- Frequent cybersecurity assessments of third-party tools
- Deployment of zero-trust security frameworks that assume no user or system is inherently safe
While Nokia has not confirmed any customer data breach, the exposure of employee data alone could have long-term reputational and operational implications if exploited further.