IntelBroker Unmasked: Notorious Hacker Revealed as 25-Year-Old Former UK Crime Agency Trainee

The identity behind one of the most prolific cybercriminal personas of recent years has been revealed. IntelBroker, the hacker who haunted major corporations and government agencies, is Kai Logan West - a 25-year-old British national and former National Crime Agency trainee.

West was arrested in France in February 2025 and charged in June 2025. He allegedly caused over $25 million in damages worldwide.

Who Is Kai Logan West?

For years, IntelBroker claimed to be Serbian and living in Russia. In reality, he was a young man from England who had previously worked as a trainee at the UK's National Crime Agency - the British equivalent of the FBI.

Online, he operated under aliases including "IntelBroker" and "Kyle Northern."

Criminal Operations

West's activities spanned multiple fronts:

BreachForums Ownership: He was the owner of the notorious cybercrime marketplace from August 2024 to January 2025, before resigning, citing a lack of time.

Data Theft: Between 2023 and 2025, he posted over 150 threads selling stolen data or leaking it to build reputation.

Hacking Collective: He coordinated attacks through a group targeting telecommunications firms and healthcare providers.

Endurance Malware: West developed a C# wiper malware called "Endurance" used against U.S. government agencies. Unlike ransomware, it permanently deleted files rather than encrypting them.

High-Profile Targets

How He Got Caught

Despite his sophisticated operations, West made critical mistakes:

  1. Bitcoin trap: In January 2023, an undercover officer convinced him to accept Bitcoin instead of Monero. Bitcoin transactions are publicly traceable.
  2. IP address reuse: He used the same internet connection for hacking activities and personal browsing.
  3. YouTube crossover: His personal IP address was used to watch specific YouTube videos that "IntelBroker" then posted on hacking forums.

These operational security failures gave investigators the thread they needed.

Cryptocurrency Preference

West typically demanded payment in Monero for its privacy features that obscure transaction details. His one-time acceptance of Bitcoin proved to be his downfall.
