Introduction
Hewlett Packard Enterprise (HPE) [1] [2] [3] [4] [6] [7] [8] [9] is currently addressing a significant cybersecurity incident involving a breach by the hacker known as IntelBroker. This breach has exposed sensitive data and poses potential risks to HPE’s proprietary information and customer security.
Description
Hewlett Packard Enterprise (HPE), a global technology solutions provider based in Houston, TX [6], is currently investigating claims made by the hacker IntelBroker [7], who is reportedly part of the group CyberN—–s and claims to have breached the company’s systems. IntelBroker is offering to sell sensitive data on a hacking forum, including product source code for HPE’s Zerto and iLO platforms, private GitHub repositories containing proprietary code and development assets [8], Docker builds [1] [3] [4] [6] [7] [8] [9], and critical SAP Hybris configurations [8]. The exposure of these private repositories puts proprietary code and intellectual property at risk [3], while compromised Docker builds threaten the integrity and security of application deployments [3]. The hacker has also claimed to provide access to HPE’s API, WePay [1] [3] [4] [7] [8] [9], and GitHub [1] [7], along with legacy user personally identifiable information (PII) such as names, email addresses, and passwords [1], which could facilitate identity theft or targeted phishing attacks [3].
On January 16 [7], IntelBroker announced on BreachForums that they are selling files that allegedly include intricate details about HPE’s infrastructure, including web service endpoints and configuration files [9]. The hacker claims to have accessed HPE’s services for approximately two days before making the data available for sale [4], exfiltrating around 4.5 terabytes of data [1], of which a partial upload of 2.9 gigabytes was shared as proof of the breach. Additionally, IntelBroker claims to have obtained essential cryptographic certificates, including both public and private keys [8], which are critical for secure communications and data integrity [3], raising concerns about the potential severity of the exposed data. Specific files mentioned [6], such as VMW-esx-7.0.0-hpe-zertoreplication.zip and ZertoRunner.exe [6], suggest possible leaks of compiled software packages and proprietary implementations.
Screenshots shared by the hacker reveal sensitive details about HPE’s internal systems [6], including the SignonService web service and configuration details exposing credentials for Salesforce and internal URLs for SAP S/4 HANA services [6], highlighting significant security vulnerabilities [6]. A spokesperson for HPE confirmed awareness of the breach claims but stated that there has been no operational impact and no evidence of compromised customer data [7]. In response, HPE has activated its cyber response protocols [7], disabled related credentials [7], and initiated an investigation to assess the validity of the claims [7]. IntelBroker is reportedly demanding payment in Monero cryptocurrency for the complete dataset [9], which could enable further targeted attacks or unauthorized access [9].
In light of this incident, cybersecurity experts are closely monitoring the situation and advising organizations to strengthen their security measures [8]. The potential fallout from the breach underscores the critical need for robust security protocols and incident response plans [8], and the incident may attract regulatory scrutiny under the stringent data protection laws governing personal information [8]. The Midnight Blizzard APT group has also been linked to attacks targeting HPE [5], a reminder of the ongoing risk posed by advanced persistent threats [5]. IntelBroker [1] [2] [3] [4] [5] [6] [7] [8] [9], believed to be of Serbian origin [2], has a history of targeting high-profile organizations [2] [7], having previously breached firms such as Cisco [7], General Electric [7], and Europol [2] [7]; some of those victims validated the authenticity of the stolen data while noting that the actual impact was often less severe than suggested [7]. HPE has faced cybersecurity incidents in the past, including a breach by Russian state-sponsored hackers associated with Midnight Blizzard in January 2024 [6], which targeted employee mailboxes and resulted in data theft [6], as well as an infiltration by hackers affiliated with China’s Ministry of State Security in 2018 as part of the broader cyber campaign known as Cloudhopper.
Conclusion
The breach of HPE’s systems by IntelBroker highlights the critical importance of maintaining robust cybersecurity measures and incident response protocols. While HPE has taken steps to mitigate the immediate risks, the incident serves as a reminder of the persistent threats posed by advanced cyber adversaries. Organizations must remain vigilant and proactive in safeguarding their data and infrastructure to prevent future breaches and ensure compliance with data protection regulations.
References
[1] https://www.cyberdaily.au/security/11598-intelbroker-advertises-hpe-data-for-sale
[2] https://www.cybersecurity-review.com/hpes-sensitive-data-exposed-in-alleged-intelbroker-hack/
[3] https://cybersecuritynews.com/hackers-alleged-hewlett-packard-breach/
[4] https://www.csoonline.com/article/3805743/hpes-sensitive-data-exposed-in-alleged-intelbroker-hack.html
[5] https://securityaffairs.com/173265/data-breach/hpe-is-investigating-intelbrokers-claims-of-hack.html
[6] https://hackread.com/hackers-claim-hewlett-packard-data-breach-sale/
[7] https://www.infosecurity-magazine.com/news/hpe-investigates-hacker-claims/
[8] https://gbhackers.com/intelbroker-allegedly-claiming-breach-hewlett-packard/
[9] https://thesecmaster.com/blog/intelbroker-reveals-major-data-breach-at-hewlett-packard-enterprise