HPE investigates breach as hacker claims to steal source code

Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company’s developer environments.

The company has told BleepingComputer that it hasn’t found any evidence of a security breach, but it is investigating the threat actor’s claims.

“HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE,” spokesperson Clare Loxley told BleepingComputer.

“HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims. There is no operational impact to our business at this time, nor evidence that customer information is involved.”

IntelBroker, who announced the sale of information allegedly stolen from HPE’s networks, claims they had access to the company’s API, WePay, and (private and public) GitHub repositories for at least two days and stole certificates (private and public keys), Zerto and iLO source code, Docker builds, and old user personal information used for deliveries.

IntelBroker HPE breach claims (BleepingComputer)

IntelBroker put up another archive of data (including credentials and access tokens) allegedly stolen from HPE’s systems almost one year ago, on February 1, 2024. The company also said at the time that it was investigating the threat actor’s claims but had no evidence of a security breach.

IntelBroker gained notoriety after breaching DC Health Link—the organization that administers the U.S. House of Representatives members’ health care plans—an incident that led to a congressional hearing after the personal data belonging to 170,000 affected individuals was leaked online.

Other incidents linked to IntelBroker include the breaches of Nokia, Cisco, Europol, Home Depot, and Acuity and alleged breaches of AMD, the State Department, Zscaler, Ford, and General Electric Aviation.

HPE was also breached in 2018 when APT10 Chinese hackers reportedly compromised some of its systems and used the access to hack into customers’ devices.

More recently, in 2021, the tech giant disclosed that the data repositories of its Aruba Central network monitoring platform had also been compromised, enabling attackers to access data about monitored devices and their locations.

HPE also revealed one year ago that its Microsoft Office 365 email environment was breached in May 2023 by attackers believed to be part of the APT29 hacking group, which is linked to Russia’s Foreign Intelligence Service (SVR).
