2025-01-20
In the ever-evolving landscape of cybersecurity, even tech giants like Hewlett Packard Enterprise (HPE) are not immune to threats. Recently, HPE has found itself at the center of a potential security breach after a threat actor known as IntelBroker claimed to have stolen sensitive documents from the company’s developer environments. While HPE has yet to confirm the breach, the incident has raised concerns about the security of corporate data and the growing sophistication of cybercriminals.
The Incident
On January 16, 2024, HPE became aware of claims made by IntelBroker, a notorious threat actor, alleging possession of sensitive information belonging to the company. IntelBroker claimed to have accessed HPE’s API, WePay, and GitHub repositories, both private and public, for at least two days. During this time, they reportedly stole certificates, private and public keys, Zerto and iLO source code, Docker builds, and old user personal information used for deliveries.
HPE responded swiftly by activating its cyber response protocols, disabling related credentials, and launching an investigation. The company stated that there is no operational impact on its business and no evidence that customer information was compromised. However, this is not the first time IntelBroker has targeted HPE. Almost a year ago, on February 1, 2024, the threat actor posted another archive of data allegedly stolen from HPE’s systems, including credentials and access tokens. At that time, HPE also investigated but found no evidence of a breach.
IntelBroker is no stranger to high-profile breaches. The group gained notoriety after compromising DC Health Link, which administers health care plans for U.S. House of Representatives members. This breach led to a congressional hearing after the personal data of 170,000 individuals was leaked. Other victims of IntelBroker include Nokia, Cisco, Europol, Home Depot, Acuity, AMD, the State Department, Zscaler, Ford, and General Electric Aviation.
HPE has faced cybersecurity challenges in the past as well. In 2018, Chinese hacking group APT10 breached some of its systems, using the access to infiltrate customer devices. More recently, in 2021, HPE disclosed that its Aruba Central network monitoring platform had been compromised, allowing attackers to access data about monitored devices and their locations. Additionally, in May 2023, HPE revealed that its Microsoft Office 365 email environment was breached by APT29, a hacking group linked to Russia’s Foreign Intelligence Service (SVR).
What Undercode Say:
The alleged breach of HPE by IntelBroker highlights several critical issues in the realm of cybersecurity. First, it underscores the persistent threat posed by sophisticated threat actors who continuously evolve their tactics to exploit vulnerabilities in corporate systems. IntelBroker’s ability to allegedly access HPE’s API, GitHub repositories, and other sensitive environments suggests a high level of technical expertise and planning.
Second, the incident raises questions about the effectiveness of HPE’s cybersecurity measures. While the company has not confirmed the breach, the fact that IntelBroker has targeted HPE multiple times indicates that the threat actor sees value in the company’s data. This could be due to the sensitive nature of the information HPE handles, including source code, certificates, and user data. The repeated targeting of HPE also suggests that the company may need to reassess its security protocols to prevent future breaches.
Third, the broader implications of this incident extend beyond HPE. IntelBroker’s history of targeting high-profile organizations like DC Health Link, Nokia, and Cisco demonstrates the group’s capability to infiltrate even the most secure systems. This raises concerns about the overall state of cybersecurity across industries and the need for organizations to adopt more robust defense mechanisms.
From an analytical perspective, the HPE incident also highlights the importance of transparency in cybersecurity. While HPE has been proactive in investigating the claims and communicating with stakeholders, the lack of concrete evidence of a breach leaves room for speculation. In such situations, companies must strike a balance between protecting their reputation and providing timely, accurate information to their customers and partners.
Moreover, the incident serves as a reminder of the interconnected nature of cybersecurity. A breach in one organization can have ripple effects across the industry, as threat actors often use stolen data to launch further attacks. For example, the theft of certificates and private keys from HPE could potentially be used to compromise other systems or organizations that rely on HPE’s technology.
In conclusion, the alleged breach of HPE by IntelBroker is a stark reminder of the ongoing challenges in cybersecurity. It underscores the need for organizations to remain vigilant, invest in advanced security measures, and foster a culture of transparency and collaboration to combat the ever-growing threat of cybercrime. As threat actors continue to evolve, so too must the defenses of those tasked with protecting sensitive data and systems.
References:
Reported By: Bleepingcomputer.com