HPE Investigates Allegations of Data Breach by IntelBroker
Hewlett Packard Enterprise (HPE) is currently examining claims made by the cybercriminal group known as IntelBroker, which has stated that it possesses stolen data and source code from the company. This announcement was made on a prominent cybercrime forum, where IntelBroker offered various files for sale, alleging they were acquired through unauthorized access to HPE’s systems.
IntelBroker is back in the spotlight, having previously gained notoriety for leaks involving major corporations. Recently, they claimed responsibility for a breach of Cisco, a sign that they remain active. According to IntelBroker, the compromised data encompasses a variety of sensitive assets, including the source code for several products such as Zerto and Integrated Lights-Out (iLO), as well as SAP Hybris, Docker builds, digital certificates, and outdated personally identifiable information (PII) of users.
In a statement posted on the forum, IntelBroker asserted, “Today, I am selling the Hewlett Packard Enterprise (HPE) data breach,” underscoring the gravity of their claims. The post detailed specific types of compromised data, suggesting that the group has gained extensive access to HPE’s systems, including user accounts and various application programming interfaces (APIs).
HPE has responded to these allegations by activating its cyber response protocols. A spokesperson for the company, Adam R. Bauer, confirmed that HPE became aware of these claims on January 16. The organization subsequently took immediate measures to disable related credentials while launching an investigation to ascertain the veracity of IntelBroker’s assertions. Importantly, HPE has indicated that there is currently no evidence of operational disruption or customer data being compromised.
In terms of tactics, an attack of the kind claimed would involve several stages outlined in the MITRE ATT&CK matrix. Initial access could have been achieved through various exploitation tactics, allowing the attackers to gain entry to HPE’s network. Persistence may have been established through the creation of unauthorized user accounts or by exploiting existing credentials. The threat actors could potentially have employed privilege escalation techniques to access sensitive areas of the infrastructure, thus obtaining the high-value data they are now offering for sale.
As the investigation unfolds, it will be crucial for HPE to address the implications of this incident, not only for its operations but also for the trust of its customers. In a landscape increasingly fraught with cyber threats, businesses must remain vigilant and proactive in their cybersecurity strategies to mitigate the risks posed by entities like IntelBroker.
For ongoing updates regarding cyber threats and breaches, follow industry experts and cybersecurity news outlets that continue to monitor these developments closely.