Hewlett Packard Enterprise (HPE), an American information technology firm, is investigating claims that a hacker known as IntelBroker has stolen sensitive data, including source code and user information, from the company's systems.
It seems that a hacker who claimed responsibility for the breach informed HPE regarding their malicious activities.
The threat actor alleges to have stolen documents from HPE's developer environments.
IntelBroker, a Serbian black hat hacker active since October 2022, claimed responsibility for the breach and is attempting to sell the allegedly stolen data. However, HPE has not yet confirmed that a breach occurred or that IntelBroker was responsible.
According to Bleeping Computer, the company couldn’t find any evidence of a security breach; however, HPE is investigating the cybercriminal’s claims.
HPE Investigating Hacker Claims
"HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE," spokesperson Clare Loxley told Bleeping Computer.
Loxley added that HPE immediately activated its cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims.
"There is no operational impact to our business at this time, nor evidence that customer information is involved."
IntelBroker announced that it was selling information stolen from HPE’s networks on Breach Forums, a popular dark web platform used by hackers to leak and sell stolen data.
The hacker claims to have had access to HPE’s API, WePay, and (private and public) GitHub repositories for a minimum of 2 days, in addition to allegedly stealing certificates (private and public keys), Zerto and iLO source code, Docker builds, and old user personal information used for deliveries.
IntelBroker Claims Responsibility
IntelBroker has gained notoriety, especially in the past year, for allegedly attempting to steal a “large collection of Nokia source code” from a third-party vendor in November 2024.
While Nokia confirmed a breach occurred at the vendor, it seemed to downplay the severity of the cyber attack and stated that no Nokia systems were directly compromised.
Additionally, IntelBroker sought to charge $20,000 for access. Despite Nokia denying the breach, the malicious actor leaked the data for free as a result.
IntelBroker also claimed responsibility for the Cisco data breach in October 2024.
In a post on Breach Forums, the hacker alleged that the stolen data he accessed contained ‘Github projects, Gitlab Projects, SonarQube projects, Source code, hard-coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!’