Kai West, known in the cybercrime world by his alias IntelBroker, is a prolific individual threat actor accused of orchestrating a series of high-profile data breaches targeting major companies, including Apple, Zscaler, and more.
Over the course of several years, West is alleged to have operated as the driving force behind CyberNiggers, a hacking group responsible for infiltrating networks of government agencies—including Europol, the U.S. Department of Transportation, and the Pentagon—and leaking classified and sensitive information.
IntelBroker has also been linked to attacks on critical infrastructure and industry giants like Acuity, General Electric, and Home Depot. His method of operation involved hacking into corporate and government systems, stealing valuable data, and then selling access or information on underground cybercrime forums such as BreachForums, impacting a wide range of sectors and organizations globally.
On June 25, 2025, federal prosecutors in the Southern District of New York unsealed criminal charges against Kai West, a 25-year-old British national, bringing to light the extensive cybercrime campaign led by the person under the alias IntelBroker. The case exposes the scale and technical prowess of his alleged operations, revealing a widespread network of compromised systems and stolen data that caused more than $25 million in damages worldwide.
A Global Cybercrime Operation
Between 2023 and early 2025, West and his associates reportedly infiltrated high-profile companies, including Apple, Zscaler and government agencies such as Europol and the U.S. Department of Transportation. The breaches targeted diverse sectors ranging from healthcare providers and telecommunications firms to critical infrastructure giants like General Electric and Home Depot. According to official court filings, the stolen data was frequently posted or sold on a cybercrime forum called BreachForums, a privacy-focused marketplace utilizing the cryptocurrency Monero for transactions.
BreachForums operates as a notorious underground platform where hackers trade stolen information, gain notoriety, and transact through a credit system. West, using the IntelBroker handle, was an active presence on the forum, posting at least 158 threads offering stolen data for sale or exchange. His listings involved over $2 million in asking prices, with some offers inviting private negotiation. Public activity records show IntelBroker authored more than 335 posts and 2,100 comments from locations including Manhattan, New York.
Arrest and Legal Proceedings
West was apprehended in France in February 2025 following a coordinated international law enforcement effort involving the FBI and authorities from France, Spain, the United Kingdom, and the Netherlands. The U.S. government is pursuing extradition to face multiple charges, including conspiracy to commit computer intrusions, wire fraud, and accessing protected computers to defraud.
If convicted, West faces penalties of up to 20 years for wire fraud conspiracy and up to 5 years for conspiracy to commit computer intrusions and unauthorized access. The case is being prosecuted by the SDNY’s Complex Frauds and Cybercrime Unit, supported by FBI cyber investigators.
FBI Assistant Director Christopher Raia highlighted the seriousness of the charges, stating, “This should be a warning, cybercriminals cannot hide behind screens.” He emphasized the global cooperation required to hold threat actors accountable.
The Scope of the Hack
Court documents detail how West’s group systematically breached networks, stole sensitive information, including personal healthcare data, and disrupted business operations. Some attacks went beyond data theft; at least one medical provider was targeted in a way that interfered with patient care.
The hackers used their BreachForums presence not only to sell stolen information but also to build their reputation in the cybercrime underground. IntelBroker’s posts referenced a co-conspirator identified as “CC-1,” highlighting the collaborative nature of these campaigns. Payments were typically requested in Monero, a cryptocurrency known for its enhanced privacy and untraceability.
BreachForums itself has seen multiple iterations since its inception in March 2022, with the latest version launched in May 2024. West’s contributions from June 2023 onward remain publicly accessible on the forum, offering investigators insight into his operational methods.
Unmasking IntelBroker
Contrary to initial speculation that IntelBroker was part of a larger, highly coordinated hacking collective, an exclusive interview conducted by The Cyber Express revealed that West operated primarily on his own. During the candid conversation, West reflected on his hacking journey, motivations, and experiences, providing a rare glimpse into the mind of a serial cybercriminal.
When asked about his first hacking experience, IntelBroker downplayed any singular moment, describing his path as a continuous process of learning and adaptation. He dismissed rumors linking him to Iranian Advanced Persistent Threat (APT) groups, calling such claims oversimplifications common in law enforcement narratives.
Interestingly, when questioned about his preferred tool of choice, West humorously responded that a bottle opener would be his pick—symbolizing a break from the digital world and a nod to enjoying simpler, offline pleasures.
He also shed light on his affiliation with CyberNiggers, explaining that while he was a leading figure, he maintained a distinct personal identity within the group. He recalled how the group evolved from the original BreachForums platform to its successor, noting a slowdown in engagement and content quality on the newer site.
West shared thoughts on several high-profile breaches, including incidents involving DARPA, General Electric, and AT&T. He lamented the lack of media attention on some of these large-scale compromises, pointing out that their real-world impacts were often underreported.
One memorable “facepalm” moment involved a poorly secured hack by gaming hardware company Razer, where a drawn-out investigation yielded little corrective action. A reflection, he suggested, of many organizations’ inadequate cybersecurity responses.
Financially, West claimed to have earned over $100,000 in his first year of hacking activity, highlighting the lucrative nature of exploiting digital vulnerabilities. On the topic of corporate transparency, he criticized companies that conceal breach incidents, advocating for openness and proper reporting to regulatory bodies like the SEC to preserve trust and accountability.
Conclusion
The IntelBroker case highlights the critical need for advanced cyber threat detection and response. Cyble’s integrated platform offers AI-driven threat intelligence, dark web monitoring, and vulnerability management to help organizations identify and mitigate risks in real time. By leveraging Cyble’s solutions, businesses can better protect their digital assets against cyber threats and maintain resilience.
