HPE Investigates Alleged Data Breach by IntelBroker: Source Code and Security at Risk
Jan 22, 2025
Overview
Hewlett Packard Enterprise (HPE) is investigating claims by the hacker known as IntelBroker, who claims to have stolen sensitive data from the company's systems. The purported breach includes source code, private and public access keys, and personally identifiable information (PII) of customers.
Details of the Alleged Breach
On January 16, 2025, IntelBroker announced on a hacking forum that they were in possession of data allegedly exfiltrated from HPE's developer environments. The hacker claims to have had access to HPE's API, GitHub repositories, and WePay integration for at least two days, during which the following data was reportedly stolen:
Source code for HPE’s Zerto disaster recovery platform and Integrated Lights-Out (iLO) server management software.
Docker builds and digital certificates, including private and public keys.
Personally identifiable information (PII) related to customer deliveries.
IntelBroker has offered this data for sale, further heightening concerns about the potential impact of the breach.
HPE's Response
In response to these claims, HPE has initiated a comprehensive investigation. A company spokesperson stated,
"HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE. HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims."
As of now, HPE reports no operational impact to its business and no evidence that customer information is involved.
Background on IntelBroker
IntelBroker is a known threat actor with a history of targeting major organizations. Notably, the hacker was linked to the 2024 breach of DC Health Link, which exposed personal data of U.S. House of Representatives members and staff, leading to a congressional hearing. Other alleged targets include Nokia, Cisco, Europol, Home Depot, and Acuity.
Implications and Recommendations
While HPE's investigation is ongoing, the potential exposure of source code and digital certificates poses significant security risks, including:
Intellectual property theft and unauthorized use of proprietary technologies.
Increased vulnerability to cyberattacks exploiting exposed source code.
Compromise of secure communications due to leaked certificates and keys.
Organizations utilizing HPE products are advised to:
Monitor for security patches and updates from HPE.
Review and enhance their own security measures in light of potential vulnerabilities.
Stay informed through official HPE communications regarding the investigation's findings.
HPE has committed to providing updates as the investigation progresses to ensure transparency and maintain customer trust.
Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.