🚨 CYBERINTEL ALERT: MASSIVE EXFILTRATION OF INFRASTRUCTURE AND INTELLECTUAL PROPERTY – ARUP GROUP 🇬🇧🏗️🔐 [STATUS: STRATEGIC DISASTER / FULLY EXPOSED]
VECERT Intelligence has detected the public release of approximately 5 Terabytes of data belonging to Arup Group—the engineering firm behind landmarks such as the Sydney Opera House. Threat actor FulcrumSec has published the complete archive following the failure of a seven-month-long extortion negotiation.
This incident is a case study in systemic credential-management failure (hardcoded secrets), which allowed attackers to extract the very "core" of the company's commercial value.
🏢 Affected Entity: Arup Group (Global engineering holding company).
👤 Threat Actor: FulcrumSec.
📂 Total Volume: 5 TB (Including 377 GB of compressed GitHub repositories).
🛠️ Attack Vector (Patient Zero): A highly privileged GitHub Personal Access Token found in plaintext within the minified JavaScript of an abandoned subdomain.
📅 Intrusion Period: Persistent and undetected access from September 2025 to April 2026.
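A defender-side check for the exposure described under Attack Vector, as an added example that is not VECERT's or Arup's code: it scans a built JavaScript bundle for strings shaped like GitHub tokens and reports them redacted. The sample bundle, token value, file name and entropy threshold are constructed assumptions.

```python
import math
import re
from collections import Counter

# Commonly documented GitHub token shapes: classic prefixes (ghp_, gho_, ghu_,
# ghs_, ghr_) + 36 base62 chars, or fine-grained PATs (github_pat_ + 82 chars).
TOKEN_RE = re.compile(r"\b(gh[pousr]_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b")
MIN_ENTROPY = 3.0  # bits/char; assumed threshold to drop "ghp_xxxx..." placeholders


def shannon_entropy(s: str) -> float:
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())


def redact(token: str) -> str:
    """Keep the type prefix and last 4 chars: enough to identify the token
    for revocation without re-leaking it in the scan report."""
    prefix = "github_pat_" if token.startswith("github_pat_") else token[:4]
    return f"{prefix}...{token[-4:]}"


def scan_bundle(name: str, text: str) -> list[dict]:
    """Return redacted findings. Minified bundles are usually one long line,
    so the character offset is reported instead of a line number."""
    findings = []
    for m in TOKEN_RE.finditer(text):
        token = m.group(1)
        body = token[11:] if token.startswith("github_pat_") else token[4:]
        if shannon_entropy(body) < MIN_ENTROPY:
            continue  # documentation placeholder, not a live-looking secret
        findings.append({"file": name, "offset": m.start(), "token": redact(token)})
    return findings


# Constructed sample: a fake token assembled at runtime plus a placeholder.
FAKE = "ghp_" + "A1b2C3d4E5f6G7h8I9" * 2
SAMPLE = ('!function(){var e={api:"https://api.github.com",t:"' + FAKE + '"},'
          'd="ghp_' + "x" * 36 + '";'
          'fetch(e.api,{headers:{Authorization:"token "+e.t}})}();')

if __name__ == "__main__":
    for finding in scan_bundle("app.min.js", SAMPLE):
        print(finding)
```

Run against every deployed bundle, including those on subdomains no longer in active use, and treat any finding as a token to revoke, not just a string to delete.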
📊 Inventory of Exfiltrated Assets (VECERT Analysis)
Critical Intellectual Property (Engineering Software):
ArupCompute: The complete library of engineering calculations (Eurocodes, AISC, etc.), representing a decade of R&D.
Oasys Suite: Source code for commercial products such as GSA and AdSec, enabling the cloning of software that Arup sells to competitors.
Tunnel Optimizer: Genetic algorithms utilized in projects such as HS2 and the Melbourne Metro.
Cloud Infrastructure and Secrets:
10,000 private repositories cloned.
Apple Enterprise Certificates: Plaintext passwords (ArupCrystalBall) for code signing.
Neuron Master Password (Smart Buildings): The production database password for 39 clients in Hong Kong was a predictable "arup.2018".
Infrastructure Projects and Third-Party Data:
HS2 (UK): Sensor data, archaeological site coordinates, and private data of citizens affected by compulsory land acquisition.
Amazon (Seismic Assessments): Collapse fragility curves for data centers in Seattle (SEA04, SEA28).
Neuron (Hong Kong): Smart building operational data for clients such as Disney HK, Hong Kong Baptist Hospital, and CLP Power.
BP (Clean Energy): Geocoded site selection algorithms for clean energy logistics hubs.
🛡️ Emergency Recommendations
🔒 Total Secret Revocation: Rotating detected keys is insufficient; Arup must assume that its entire infrastructure based on exposed tokens and certificates is compromised and rebuild its trusted identities from scratch.
⚠️ Alert to Neuron Clients: The 39 clients in Hong Kong must audit their internal networks, as attackers possess the internal IP ranges and control parameters for their BMS (Building Management Systems).
Monitor: analyzer.vecert.io