Hewlett Packard Enterprise (HPE) has launched an internal investigation following claims that sensitive data has been compromised and put up for sale. The notorious cybercriminal group IntelBroker announced the alleged breach and sale on a hacker forum on January 16.
Upon becoming aware of IntelBroker's claims, HPE immediately activated its cyber response protocols, disabled related credentials, and initiated a thorough investigation to determine the validity of the alleged breach.
"HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE," an HPE spokesperson said.
"HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims," they further added.
The spokesperson emphasized that there is no current operational impact on HPE’s business nor any evidence suggesting that customer information has been compromised. However, the investigation remains ongoing.
According to IntelBroker, the stolen information comprises a trove of sensitive data, including source code for HPE products such as Zerto and iLO, alongside private GitHub repositories, digital certificates, and Docker builds.
The data also allegedly includes what the hacker termed "old user PII for deliveries," hinting at personal information related to HPE users.
Further exacerbating the concerns, IntelBroker claims to offer access to services reportedly used by HPE. These services allegedly include APIs, GitHub, GitLab repositories, and WePay accounts. However, the extent of the breach and the reliability of these claims have not been independently verified.
IntelBroker has built a reputation as a prominent figure in the world of cybercrime, having targeted major corporate and government organizations. Previous victims include major enterprises like Cisco, which confirmed the authenticity of some leaked data during past incidents.
However, companies often report that the true impact of such breaches is less significant than the hacker claims.
IntelBroker, as analyzed by cybersecurity firm KELA, initially emerged as a ransomware operator in late 2022 and quickly climbed the ranks within the dark web ecosystem, becoming a prominent figure on an infamous forum for the sale and trade of stolen data.
Known for leveraging vulnerabilities as a primary attack vector, IntelBroker maintains a particularly strong reputation within the cybercrime community due to operational security (OpSec) expertise and the use of advanced anonymity tools. The actor often targets highly sensitive data and demands ransom payments exclusively in Monero (XMR) for increased anonymity.