The business division of PC maker Hewlett Packard is currently informing staff affected by a cyber attack in 2023 that their personal information may have been compromised.
In 2023, a threat actor believed to be a Russian state-sponsored group breached Hewlett Packard Enterprise’s (HPE) Office 365 email environment.
“HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorised access,” HPE said in a letter to the Attorney-General’s office of New Hampshire.
“With the assistance of e-discovery specialists, HPE conducted a thorough review of the data at issue to identify the types of information that may have been subject to unauthorised access and determine to whom this information relates.”
According to the notice, HPE began notifying those affected, of whom there are at least 16, of the incident on 29 January 2025.
The threat actor behind the incident was identified as Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, in a filing with the SEC early last year. The group is believed to have connections with Russia’s Foreign Intelligence Service (SVR) and links to the 2020 SolarWinds cyber incident.
Speaking with BleepingComputer, HPE said that the incident affected “a limited group of HPE team member mailboxes” and that the information exfiltrated was limited to those mailboxes.
Threat actor IntelBroker has also listed HPE a number of times, claiming on three separate occasions that it had breached the organisation’s network.
In a post to an infamous hacking forum, the threat actor announced a “second” breach, closely following one he announced last month. This makes it the third he has claimed, having also listed the company last year.
“Today, I have uploaded the Hewlett Packard Enterprise 2nd breach,” wrote IntelBroker.
“This happened 2 days ago and is separate from the 1st breach we did.”
The threat actor said that the data included HPE GTCAAS source code, hard-coded credentials, source code, API tokens, certificates and private keys.
The latest claims follow IntelBroker allegedly breaching Hewlett Packard Enterprise last month.
“We’ve been connecting to some of their services for about 2 days now,” said IntelBroker at the time.
According to the post, the exfiltrated data for sale includes “private Github repositories, Docker builds, SAP Hybris, certificates (private and public keys), product source code: Zerto & iLO” as well as old user personally identifiable information (PII). The threat actor also said that it was selling access to the company’s API, WePay, GitHub and more.
IntelBroker also uploaded screenshots, which contained names, email addresses and passwords, as proof of the breach.