The hacker is offering to sell stolen HPE source code, private and public access keys, and personally identifiable information (PII) of customers from the breach.
IntelBroker has struck again. This time, the notorious BreachForums bigwig, who has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE).
The suspected Serbian-origin hacker is offering to sell on BreachForums sensitive data allegedly stolen from HPE, including product source code and personally identifiable information (PII) of customers.
“Today, I am selling the HPE data breach,” IntelBroker said in a BreachForums post. “We have been connecting to some of their services for about 2 days now.”
Source code and private data exposed
In their BreachForums post, IntelBroker offered to sell a large amount of sensitive HPE data, including source code, user data, and access keys.
Compromised data include “Source code: Private GitHub repositories, Docker builds, SAP Hybrid, Certificate (private and public keys),” IntelBroker wrote. “Access: API access, WePay, Github, Github (self-hosted) and more!”
Additionally, the stash allegedly contains HPE’s Zerto and iLO source code, along with delivery PII of HPE’s old users.
Media outlet Hackread.com, which claims to have seen the data sample shared by the hacker, reported that it appeared to “reference a development or system environment involving both open-source software and proprietary package management systems.” “Several findings” from an initial Hackread analysis revealed that the hacker’s claims mostly check out.
IntelBroker has reportedly said that the breach was a direct hack and did not involve a third-party compromise.
Hacker on a spree
IntelBroker, a regular figure on BreachForums, has made significant waves in 2024 with a series of high-profile attacks.
This hacker has targeted a diverse range of organizations in the past, such as General Electric, Europol, Lulu Hypermarket, and Zscaler, with earlier breaches including major players like Home Depot, Facebook Marketplace, and Space-Eyes. In June 2024, IntelBroker escalated its activities by leaking or selling data from companies like T-Mobile, AMD, and Apple.
Recently in October, IntelBroker offered to sell a huge corpus of Cisco breach data, which experts linked to the June leaks given T-Mobile’s and AMD’s extensive use of Cisco services, but the connection was never confirmed.
HPE did not respond to email queries about the attack. While IntelBroker has previously exaggerated the Apple and Europol breaches, the threat actor is not known to have made an entirely false breach claim in the past.