Threat actors claim to be selling data belonging to the business IT division of major laptop and technology manufacturer Hewlett-Packard (HP).
Notorious threat actor IntelBroker, alongside several members of their threat group, CyberN-----s, posted to a popular hacking forum claiming to have exfiltrated data from Hewlett-Packard Enterprise (HPE).
“We’ve been connecting to some of their services for about 2 days now,” wrote IntelBroker.
According to the post, the exfiltrated data for sale includes “private Github repositories, Docker builds, SAP Hybris, certificates (private and public keys), product source code: Zerto & iLO” as well as old user personally identifiable information (PII). The threat actor also said that it was selling access to the company’s API, WePay, GitHub and more.
IntelBroker also uploaded screenshots as proof of the breach, which contained names, email addresses and passwords.
Cyber Daily has reached out to HPE for a statement or more information.
IntelBroker and its threat group have gained a reputation for legitimate leaks of data from mostly large organisations. Late last year, IntelBroker said they had gained access to the systems of Cisco, stealing large amounts of data belonging to it and its customers.
The data allegedly includes “Github projects, Gitlab Projects, SonarQube projects, source code, hard-coded credentials, certificates, customer SRCs, Cisco confidential documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!”
Cisco quickly began investigating the claims, confirming that data was exfiltrated. However, the company said that its own systems were not breached, and the threat actors accessed a public-facing DevHub environment.
Following this, IntelBroker published a small portion of the data.
“Today, I have shared the Cisco partial breach for you to download. Thanks for reading and enjoy!” IntelBroker said.
IntelBroker acknowledged that it and its team at CyberN-----s accessed a DevHub instance, which, it said, Cisco accidentally left open, adding that they exfiltrated 4.5 terabytes of data.
The partial upload allegedly contains 2.9 gigabytes of data, made up of Cisco C9800-SW-iosxe-wlc.16.11.01, Cisco IOS XE & XR, Cisco ISE, Cisco SASE, Cisco Umbrella and Cisco Webex.
“Hopefully this proves the legitimacy of the breach to others wanting to buy the full version,” added IntelBroker.