Hewlett Packard Enterprise Investigates Alleged Security Breach

Hewlett Packard Enterprise (HPE) is examining claims of a potential breach after a threat actor alleged they had stolen sensitive documents from the company’s developer environments.

HPE informed BleepingComputer that, as of now, it has not found any evidence supporting these claims but is actively investigating the situation.

“HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE,” stated spokesperson Clare Loxley.

“HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims. There is no operational impact to our business at this time, nor evidence that customer information is involved,” Loxley added.

Details of the Allegations

IntelBroker, the group making the claims, stated that it had access to HPE’s API, WePay platform, and both private and public GitHub repositories for at least two days. The group claims to have stolen:

  • Certificates (private and public keys)
  • Source code for Zerto and iLO
  • Docker builds
  • Historical personal information used for deliveries

Additionally, IntelBroker released an archive containing credentials and access tokens they claim to have stolen from HPE systems almost a year ago on February 1, 2024. HPE previously investigated similar claims but found no evidence of a security breach.

IntelBroker’s Track Record

IntelBroker is a notorious cybercriminal group previously linked to high-profile breaches, including:

  • DC Health Link: Breached the health care platform used by U.S. House of Representatives members, leaking personal data of 170,000 individuals and prompting a congressional hearing.
  • Corporate Breaches: Involved in breaches of Nokia, Cisco, Europol, Home Depot, and Acuity.
  • Alleged Incidents: Claimed breaches of AMD, the State Department, Zscaler, Ford, and General Electric Aviation.

HPE’s History of Security Incidents

HPE has faced several significant security breaches in the past:

  1. 2018: APT10, a group of Chinese hackers, reportedly compromised some of HPE’s systems, leveraging access to infiltrate customers’ devices.
  2. 2021: Attackers accessed data repositories within the Aruba Central network monitoring platform, exposing data about monitored devices and their locations.
  3. 2023: HPE’s Microsoft Office 365 email environment was breached by attackers believed to belong to the APT29 group, linked to Russia’s Foreign Intelligence Service (SVR).

As HPE continues to investigate the current claims, it has reassured stakeholders that there is no evidence of customer information being compromised or any operational impact on its business.
