Hewlett Packard investigating a significant data theft by the IntelBroker hacker group

Technology giant Hewlett Packard Enterprise said it is investigating a possible cyber security incident after a hacker group claimed that it infiltrated the company’s internal network and stole confidential data.

 

Recently, the infamous IntelBroker hacker group claimed that it breached the internal network of Hewlett Packard Enterprise (HPE) and exfiltrated significant amounts of corporate data, including CI/CD access, system logs, configuration files, access tokens, HPE StoreOnce files (serial numbers, warranty, etc.), and access passwords.

 

To support its claims, the group shared several screenshots on X, formerly Twitter, that support its claimed access to HPE’s internal systems. Initial analyses of the leaked information shows that the compromised database included private GitHub repositories, Docker builds, and other confidential company data.

 

 

The hacker group has demanded an undisclosed amount in Monero cryptocurrency as ransom in exchange for not publishing the stolen data. IntelBroker added that it is in possession of old PII related to delivery services, product APIs, and deployment files which it intends to publish if its ransom demand isn’t met.

 

Acknowledging the claims of the threat actor, an HPE spokesperson Clare Loxley said in a statement shared with BleepingComputer, “HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE.

 

“HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims. There is no operational impact to our business at this time, nor evidence that customer information is involved,” Loxley added.

 

In September, the IntelBroker group also claimed that it breached Deloitte’s internal network and stole sensitive and confidential company data. The compromised data included email addresses, internal settings, and communications between intranet users.

 

 

In November, the group infiltrated the internal network of U.S.carmaker Ford, stole an internal database containing 44,000 customer records and published it on the cybercrime forum, BreachForums. According to screenshots shared on X, the stolen database contained names, physical locations, purchased products, sample fields, account codes, sales types, customer addresses, city and country codes.