- In mid-January, IntelBroker offered an HPE archive for sale
- The hacker claims it contains sensitive data such as source code and access
- HPE said it was investigating the claims
Hewlett Packard Enterprise (HPE) said it was investigating claims of a data breach, recently made by a known leakster IntelBroker.
On January 16, IntelBroker (known for their attacks on DC Health Link, Nokia, Cisco, and many others) posted a new thread on the infamous BreachForums, saying “today, I am selling the Hewlett Packard Enterprise (HPE) data breach.”
In the thread, the leakster said that together with partners zjj, and EnergyWeaponUser, they had been “connecting to some of their services for about 2 days now.”
Who is IntelBroker
The compromised data being sold in this new archive includes source code from private GitHub repositories, Docker builds, SAP Hybris, and Certificates (including private and public keys). Product source code for Zerto and iLO, user data, access to APIs, WePay, GitHub, and more was also allegedly stolen.
In response, HPE said it rotated credentials and started its investigation to see if the claims hold any water. So far, the company hasn’t seen any evidence of break-ins:
“HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE,” spokesperson Clare Loxley told BleepingComputer. “HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims. There is no operational impact to our business at this time, nor evidence that customer information is involved.”
IntelBroker is allegedly a Serbian cybercriminal with a strong track record for data compromise. Active since October 2022, they’re known for several high-profile cyberattacks against Acuity (April 2024), Pandabuy (March 2024), and Europol (May 2024).
Via BleepingComputer