Hewlett Packard Enterprise (HPE) is currently in the midst of an investigation following claims made by a threat actor stating that they have successfully stolen data from the company’s network. The threat actor in question, known as IntelBroker, has been actively operating since at least 2022 and took credit for the breach on the BreachForums underground forum. IntelBroker boldly alleged that they had managed to obtain access to various critical components of HPE’s infrastructure, including the company’s API, WePay, private and public GitHub repositories, Zerto and iLO source code, old user information, and more.
This recent breach adds to IntelBroker’s list of high-profile cyberattacks, with previous targets including organizations such as AMD, Europol, Cisco, Nokia, and many others. Members of IntelBroker have notable ties to leadership positions at BreachForums, further underlining the group’s expertise and capabilities in conducting sophisticated cyber intrusions.
Notably, this is not the first time that HPE has been faced with security breaches orchestrated by malicious actors. In 2018, APT10 hackers were reported to have compromised select HPE systems, infiltrating customer devices and extracting sensitive information. Then, in 2021, the security of HPE’s Aruba Central network monitoring platform was breached, enabling threat actors to access critical data related to monitored devices.
As HPE endeavors to unravel the recent claims of a data breach, uncertainties persist regarding the veracity of the allegations and the potential methods employed to execute the breach. An HPE spokesperson confirmed that the company was made aware of the breach claims on January 16 by IntelBroker and promptly activated their cyber-response protocols. Steps were taken to mitigate the situation, including disabling relevant credentials and initiating a thorough investigation to assess the extent of the breach.
Although HPE has disclosed that there is currently no evidence indicating customer information was compromised and no discernible operational impact on the business at present, the ongoing investigation underscores the critical importance of bolstering cybersecurity measures to safeguard against future intrusions. In an era marked by escalating cyber threats, organizations must remain vigilant and proactive in fortifying their defenses to protect sensitive data and preserve the integrity of their operations.