Hewlett Packard Enterprise (HPE) is investigating claims made by the threat actor group IntelBroker that sensitive documents and source code were stolen from the company’s developer environments. Despite these claims, HPE has not found evidence of a breach, and its operations and customer data remain unaffected.
HPE Responds Swiftly
On January 16, HPE became aware of IntelBroker’s claims that they possessed sensitive HPE information. According to spokesperson Clare Loxley, the company activated its cyber response protocols, disabled potentially compromised credentials, and launched an investigation.
“HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims. There is no operational impact to our business at this time, nor evidence that customer information is involved,” Loxley told BleepingComputer.
IntelBroker’s Allegations
IntelBroker alleges they accessed HPE’s API, GitHub repositories (both public and private), and WePay environments for at least two days. During this period, they claim to have stolen:
- Certificates (both private and public keys).
- Zerto and iLO source code.
- Docker builds.
- Old personal user information tied to deliveries.
The group posted another data archive on February 1, 2024, claiming it contained HPE system credentials and access tokens. HPE also stated it found no evidence of a security breach.
Notable IntelBroker Attacks
IntelBroker has gained notoriety for targeting high-profile organizations and has been linked to breaches involving:
- DC Health Link, exposing the personal data of 170,000 individuals, including U.S. House of Representatives members.
- Nokia, Cisco, Europol, and Home Depot.
- Alleged breaches of AMD, the U.S. State Department, Ford, and others.
HPE’s History of Cyber Incidents
HPE has faced several cyber incidents over the years:
- 2018: APT10, a Chinese hacking group, reportedly compromised HPE systems to gain access to customer devices.
- 2021: HPE disclosed that its Aruba Central platform’s data repositories were breached, revealing monitored device data and locations.
- 2023: HPE revealed that its Microsoft Office 365 email environment was compromised by APT29, which is linked to Russia’s SVR intelligence service.
Ongoing Investigations
HPE has not confirmed the validity of IntelBroker’s recent claims but continues to investigate. The company reassures stakeholders that its business operations remain unaffected and that there is no evidence that customer data was impacted.
This developing story underscores the ongoing threat of sophisticated cybercriminal groups and highlights the importance of robust cybersecurity measures.