Hewlett Packard Enterprise (HPE) is currently investigating a potential breach after an unknown threat actor put up stolen data for sale on a hacking forum. The threat actor claims that the data contains HPE credentials and other sensitive information.
According to a report from BleepingComputer, HPE has stated that they have not found any evidence of a security breach, and no ransom has yet been requested. However, the company is taking the threat actor’s claims seriously and looking into the situation.
Adam R. Bauer, HPE’s Senior Director for Global Communications, told BleepingComputer that they are “aware of the claims and are investigating their veracity.” At this time, HPE has not found any evidence of an intrusion or any impact to its products or services, and there has not been an extortion attempt.
The threat actor, known as IntelBroker, has shared screenshots of purportedly stolen HPE credentials but has not disclosed the source of the information or the method used to obtain it. The information they claim to have includes CI/CD access, system logs, config files, access tokens, HPE StoreOnce files (serial numbers warrant, etc.), and access passwords, with email services also included.
IntelBroker was previously involved in the breach of DC Health Link, which resulted in a congressional hearing after it exposed the personal data of U.S. House of Representatives members and staff. Additionally, they were linked to the breach of the Weee! grocery service and an alleged breach of General Electric Aviation.
This recent incident comes after HPE disclosed that its Microsoft Office 365 email environment was breached in May 2023 by hackers believed to be part of APT29, a Russian hacking group associated with Russia’s Foreign Intelligence Service (SVR). The Russian hackers stole SharePoint files and data from HPE’s cybersecurity team and other departments, maintaining access to its cloud infrastructure until December.
It’s important to note that HPE has previously dealt with cybersecurity incidents. The company was breached in 2018 when Chinese APT10 hackers hacked into IBM’s networks and used the access to infiltrate their customers’ devices. In 2021, data repositories of its Aruba Central network monitoring platform were compromised, enabling attackers to access data about monitored devices and their locations.
In light of this latest potential breach, HPE is thoroughly investigating the situation. At this time, they do not have any additional details to share, but they are taking necessary steps to ensure the security of their systems and data.
As the investigation continues, it is essential for organizations to stay vigilant and prioritize cybersecurity measures to protect against potential threats and attacks. HPE has a responsibility to its customers and stakeholders to address this situation with the utmost urgency and transparency.