Hewlett Packard Enterprise (HPE) is facing a potential data breach as chunks of its data are reportedly being offered for sale on the dark web. The revelation came from a post made on February 1st by a hacker known as IntelBroker, who claimed to have acquired sensitive information related to the organization.
According to the hacker's claims, the stolen data includes CI/CD access, system logs, configuration files, access tokens, and passwords related to HPE. The post on the BreachForums community specifically mentions HPE StoreOnce files and access passwords, with a specific reference to email services.
The hacker also shared screenshots of JSON-formatted data, providing a glimpse into the stolen data. The screenshots included network configuration details, such as IP addresses, subnet masks, gateways, and DNS settings, along with credentials and network capabilities for different services.
When approached for a statement regarding the alleged data breach, HPE did not provide an official response, leaving the claims made by IntelBroker unverified.
This potential breach follows a recent cyberattack on HPE by the Russian state-sponsored actor APT29, also known as Cozy Bear or Midnight Blizzard. Microsoft’s security team detected the sophisticated nation-state attack on HPE’s corporate systems on December 12, 2023, after which HPE initiated an investigation and containment efforts to eradicate the malicious activity.
The investigation revealed that the threat actor had gained unauthorized access to HPE's systems and exfiltrated data from a limited number of mailboxes, particularly those belonging to individuals in cybersecurity, go-to-market, business segments, and other functions. However, the investigation did not find evidence of data extrusion.
It's a development to monitor, as the potential data breach could have far-reaching consequences for HPE and its stakeholders.
As the situation unfolds, the cybersecurity community will be closely watching for any further developments or responses from HPE regarding the alleged data breach. The need for robust cybersecurity measures and swift incident response protocols has become increasingly critical in the face of evolving cyber threats.