HPE is investigating cybersecurity breach claims after a hacker group called IntelBroker alleged it stole sensitive data from the company’s developer environments. The group announced on January 16 that it had accessed HPE’s networks over two days, obtaining source code, access keys, and user information. HPE spokesperson Clare Loxley said, “HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims.
There is no operational impact to our business now, nor evidence that customer information is involved.”
According to IntelBroker, the stolen data includes access to HPE’s API, WePay, and various GitHub repositories, as well as private and public keys, Zerto and iLO source code, Docker builds, and old user personal information used for deliveries. The hacker group released more data on February 1, 2024, including credentials and access tokens allegedly from HPE’s systems. However, HPE reiterated that its investigation had found no evidence of a security breach.
HPE activates cyber response protocols
IntelBroker has been involved in several high-profile data breaches, including incidents involving the healthcare plan administrator for U.S. House of Representatives members, where the personal data of 170,000 individuals was leaked online. HPE has previously dealt with breaches by other threat actors.
In one instance, APT10, a group linked to Chinese hackers, reportedly compromised some of HPE’s systems and used the access to hack into customers’ devices. In 2021, HPE disclosed that the data repositories of its monitored devices contained exposed data, making it accessible to attackers. A year ago, the company also revealed that attackers compromised its Microsoft Office 365 email environment, which is believed to be part of the APT29 hacking group linked to Russia’s Foreign Intelligence Service (SVR).
As the investigation continues, HPE is working to verify IntelBroker’s claims and ensure the security of its systems and customer data.
