The Target: General Electric (GE) is an American multinational company with divisions in power, renewable energy, and aerospace industries.
The Take: According to the threat actor, "data includes a lot of DARPA-related military information, files, SQL files, documents etc." As proof of the breach, the threat actor shared screenshots of what they claim is stolen GE data, including a database from GE Aviations that appears to contain information on military projects.
The Vector: The data was exposed through a server that was misconfigured so that it was accessible online.
This breach is a stark reminder of how authentication controls are in an overall robust cybersecurity posture, and that good password hygiene plays a pivotal role in protection.