HPE investigates possible data breach by IntelBroker

Hewlett Packard Enterprise (HPE) is investigating claims of an intrusion after IntelBroker claimed to have stolen documents from the company’s developer environments.

The company told BleepingComputer that it has found no evidence of a security breach but is investigating the claims. According to spokesperson Clare Loxley, HPE was notified on Jan. 16 of claims by a group called IntelBroker that it was in possession of the company’s information.

HPE subsequently activated cyber response protocols. The company disabled related logins and launched an investigation to evaluate the validity of the claims. There is no operational impact on the company at this time, and Loxley stated that there is also no evidence that customer information is involved.

Two days of access

IntelBroker announced the sale of information it allegedly stole from HPE’s networks. It claimed to have had at least two days of access to a company API, WePay, and (private and public) GitHub repositories, as well as certificates (private and public keys). It stole Zerto and iLO source code, Docker builds, and old personal user information used for deliveries.

IntelBroker published another data archive (including login credentials and access tokens) reportedly stolen from HPE’s systems nearly a year ago, on Feb. 1, 2024. The company also said at the time that it was investigating the threat actor’s claims but had no evidence of a security breach.

IntelBroker became known after hacking DC Health Link, the organization that manages health care plans for members of the U.S. House of Representatives. The incident led to a congressional hearing after the personal information of 170,000 affected individuals was leaked.

Previous intrusions at Nokia and Cisco

Other incidents linked to IntelBroker include intrusions at Nokia, Cisco, Europol, Home Depot, and Acuity, as well as alleged intrusions at AMD, the U.S. State Department, Zscaler, Ford, and General Electric Aviation.

HPE was also hacked in 2018 when APT10 Chinese hackers allegedly compromised some systems and used the access to hack customer devices.

More recently, in 2021, the tech giant announced that the data repositories of its Aruba Central network monitoring platform had been compromised, giving attackers access to data about monitored devices and their locations.

HPE also revealed a year ago that its Microsoft Office 365 e-mail environment was hacked in May 2023 by attackers believed to be part of the APT29 hacking group, which has been linked to Russia’s Foreign Intelligence Service (SVR).