HPE investigates new breach after data for sale on hacking forum

Trending 2 weeks ago


Hewlett Packard Enterprise (HPE) is investigating a imaginable caller breach aft a threat character put allegedly stolen information up for waste connected a hacking forum, claiming it contains HPE credentials and different delicate information.

The institution has told BleepingComputer that they person not recovered immoderate grounds of a information breach and nary ransom has been requested, but it's investigating nan threat actor's claims.

"We are alert of nan claims and are investigating their veracity," HPE's Sr. Director for Global Communications Adam R. Bauer told BleepingComputer connected Thursday.

"At this clip we person not recovered grounds of an intrusion, nor immoderate effect to HPE products aliases services. There has not been an extortion attempt."

When asked to supply further specifications regarding nan company's ongoing investigation, Bauer said they had "nothing caller to share."

IntelBroker, nan threat character trading nan alleged HPE data, shared screenshots of immoderate of nan supposedly stolen HPE credentials but has yet to disclose nan root of nan accusation aliases nan method utilized to get it.

"Today, I americium trading nan information I person taken from Hewlett Packard Enterprise," nan threat character says successful a station connected nan hacking forum.

"More specifically, nan information includes: CI/CD entree , System logs , Config Files , Access Tokens , HPE StoreOnce Files (Serial numbers warrant etc) & Access passwords. (Email services are besides included)."

IntelBroker trading allegedly stolen HPE credentialsIntelBroker trading allegedly stolen HPE credentials (BleepingComputer)

IntelBroker is champion known for the breach of DC Health Link, which led to a congressional hearing aft it exposed nan individual information of U.S. House of Representatives members and staff.

Other cybersecurity incidents linked to IntelBroker are the breach of nan Weee! market service and an alleged breach of General Electric Aviation.

Russian hackers breach HPE firm email accounts

​This investigation comes aft HPE disclosed 2 weeks agone that nan company's Microsoft Office 365 email situation was breached successful May 2023 by hackers nan institution believed to beryllium portion of nan Russian APT29 hacking group linked to Russia's Foreign Intelligence Service (SVR).

The institution said nan Russian hackers stole SharePoint files and information from its cybersecurity squad and different departments and maintained entree to its unreality infrastructure until December erstwhile HPE was again alerted of a breach of its cloud-based email environment.

"On December 12, 2023, HPE was notified that a suspected nation-state character had gained unauthorized entree to nan company's Office 365 email environment. HPE instantly activated cyber consequence protocols to statesman an investigation, remediate nan incident, and eliminate nan activity," HPE told BleepingComputer.

"Through that investigation, which remains ongoing, we wished that this nation-state character accessed and exfiltrated information opening successful May 2023 from a mini percent of HPE mailboxes belonging to individuals successful our cybersecurity, go-to-market, business segments, and different functions."

Days earlier HPE's Russian hack disclosure, Microsoft revealed a akin breach wherever APT29 breached immoderate of its firm email accounts belonging to its activity squad and labor successful nan cybersecurity and ineligible departments.

Microsoft later shared that nan threat actors gained entree to nan firm email accounts aft hacking into a misconfigured trial tenant relationship by brute forcing its password successful a "password spraying" attack.

HPE was besides breached successful 2018 erstwhile APT10 Chinese hackers besides hacked into IBM's networks and utilized nan entree to hack into their customers' devices.

More recently, HPE disclosed successful 2021 that information repositories of its Aruba Central web monitoring level were compromised, enabling attackers to entree information astir monitored devices and their locations.