
HPE investigates alleged breach following hacker’s exfiltration claims

A threat actor has listed the data of US multinational information technology company Hewlett Packard Enterprise (HPE) online, leading to the company launching an investigation into yet another breach.

Daniel Croft
Tue, 06 Feb 2024

The threat actor, who goes by the name “IntelBroker”, posted screenshots of the allegedly stolen data but did not disclose how they sourced it.

“Today, I am selling the data I have taken from Hewlett Packard Enterprise,” IntelBroker wrote on BreachForums.

“More specifically, the data includes: CI/CD access, System logs, Config Files, Access Tokens, HPE StoreOnce Files (Serial numbers warrant etc) & Access passwords. (Email services are also included).”


Regarding the alleged breach, HPE has begun investigating but has not yet found any evidence of a breach or data being stolen.

“We are aware of the claims and are investigating their veracity,” HPE’s senior director for global communications, Adam R. Bauer, told tech publication BleepingComputer.

“At this time, we have not found evidence of an intrusion, nor any impact to HPE products or services. There has not been an extortion attempt.”

This is not IntelBroker’s first rodeo. The threat actor has breached a number of other organisations, including an alleged breach of General Electric Aviation, a breach of the Weee! grocery company and, most notably, the breach of DC Health Link, which exposed the data of members and staff of the US House of Representatives, leading to a congressional hearing.

The latest incident comes only weeks after reports that the Russian state-sponsored “Midnight Blizzard” hacking group breached the email accounts of HPE’s security team to steal data belonging to the cyber security team and other departments.

The incident occurred back in May 2023, with HPE only being notified that the hacking group had breached its Microsoft Office 365 cloud email environment on 12 December, according to a Form 8-K SEC filing.

“On December 12, 2023, Hewlett Packard Enterprise Company (the “Company,” “HPE,” or “we”) was notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorised access to HPE’s cloud-based email environment,” the SEC filing read.

“The company, with assistance from external cyber security experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity. Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cyber security, go-to-market, business segments, and other functions.”

HPE added that it believes this incident is related to earlier activity it detected in June, which involved “unauthorised access to and exfiltration of a limited number of SharePoint files as early as May 2023”.
