The hacker group IntelBroker has reportedly infiltrated Hewlett Packard Enterprise (HPE), resulting in the exposure of sensitive data including source code, cryptographic certificates, and personally identifiable information (PII), which is now being offered for sale online.
Claiming responsibility for the breach, IntelBroker and their associates have targeted HPE, a global technology solutions provider headquartered in Houston, Texas. The hacker, known for their involvement in multiple high-profile data exposures, is now demanding payment in Monero (XML) cryptocurrency to maintain anonymity and avoid detection.
This information was disclosed by the hacker in an interview with Hackread.com and subsequently posted on Breach Forums, a cybercrime forum managed by IntelBroker. During this exclusive communication, the hacker emphasized that the breach was executed via a direct assault on HPE’s infrastructure, differentiating it from various recent incidents that typically involve third-party compromises.
Details of the Allegedly Stolen Data
IntelBroker provided a data tree and two screenshots that purportedly depict elements of HPE’s internal systems. Upon analysis by Hackread.com, the data structure suggests a developmental or operational environment that utilizes both open-source software and proprietary package management frameworks.
The hacker claims to have extracted critical information, including source code, private GitHub repositories, Docker images, various certificates (public and private keys), source code tied to products from Zerto and iLO, and user data including historical PII related to shipments. The breach also allegedly provides access to APIs, WePay systems, and self-hosted GitHub repositories.
The analysis of the data tree revealed numerous findings that corroborate the hacker’s statements. It identified several private keys and certificates, such as ca-signed.key
and hpe_trusted_certificates.pem
, suggesting a potential compromise of sensitive cryptographic assets. The repository includes source code for HPE products like iLO and Zerto, indicated by files named ilo_client.py
and zerto_bootstrapper.py
, pointing towards leaked proprietary code.
Further, specific files such as VMW-esx-7.0.0-hpe-zertoreplication.zip
and ZertoRunner.exe
hint at the possible exposure of compiled software and deployment files. Should HPE verify these claims, this incident could represent a significant security breach.
The hacker shared two screenshots, offering in-depth glimpses into HPE’s internal operations. The first screenshot outlines details from HPE’s internal SignonService web service, showcasing sensitive infrastructure details such as the service’s endpoint and implementation class. The second image presents confidential configuration data, revealing credentials associated with Salesforce and internal URLs for SAP S/4 HANA services, which could expose serious vulnerabilities in HPE’s systems.
Understanding the Differences Between HPE and HP
It is crucial to note that Hewlett-Packard Enterprise (HPE) and HP Inc. are distinct entities with different operational focuses, despite their names often being used interchangeably. Following a split in 2015, HP Inc. has concentrated on consumer products, while HPE specializes in enterprise-level IT solutions encompassing servers, storage, and cloud services. Understanding this distinction is pertinent, as the breach reported specifically impacts HPE rather than HP Inc.
Ties to Previous High-Profile Incidents
IntelBroker has a track record of engaging in prominent cybercrimes; their October 2024 breach of Cisco resulted in the theft of numerous terabytes of sensitive information. Cisco later acknowledged that the exposed data stemmed from a misconfigured public-facing resource lacking necessary password protections. In the subsequent month, IntelBroker claimed to have infiltrated Nokia via an external contractor, announcing the sale of the data for $20,000. They have also made claims of accessing sensitive information from Advanced Micro Devices, Inc. (AMD).
The implications of the HPE breach could mirror past incidents by highlighting recurrent vulnerabilities in corporate cyber defenses. Business owners are advised to re-examine their security protocols and ensure robust safeguards are in place to mitigate potential risks associated with similar attacks.
This is an evolving situation. Hackread.com continues to monitor developments closely and will provide updates as more information emerges. Stay informed for further details.
RELATED TOPICS
- Hacker Leak Over 10,000 DELL Employee Details
- Acer Data Breach: Hacker Sells 160GB of Stolen Data
- Dell Discloses Data Breach As Hacker Sells 49M User Data
- 3 Billion National Public Data Records with SSNs Dumped Online
- Trello Data Breach: Hacker Dumps Personal Info of Millions of Users
- Hackers Steal Call and Text Records for “Nearly All” AT&T Customers