BIGFISH TECHNOLOGY LIMITED
21 January 2025

HPE investigating vulnerability after hacker claims to have taken source code

Hewlett Packard Enterprise (HPE) is looking into reports of a fresh breach after a threat actor claimed they took documents from the company's developer environments.

The business told BleepingComputer that it has discovered no indication of a security compromise, but it is looking into the threat actor's allegations.

"On January 16, HPE became aware of claims made by a group called IntelBroker that it was in possession of HPE information," spokesperson Clare Loxley told BleepingComputer.

"HPE promptly triggered our cyber response mechanisms, deactivated linked credentials, and initiated an investigation to determine the authenticity of the accusations. There is no operational impact on our business at this time, and there is no proof that client information is being used."

IntelBroker, which announced the sale of information allegedly stolen from HPE's networks, claims to have had access to the company's API, WePay, and (private and public) GitHub repositories for at least two days, stealing certificates (private and public keys), Zerto and iLO source code, Docker builds, and old user personal information used for deliveries.

On February 1, 2024, IntelBroker published another collection of data, including credentials and access tokens, reportedly taken from HPE's servers. The corporation also stated at the time that it was looking into the threat actor's allegations but found no indication of a security violation.

IntelBroker rose to prominence following a breach of DC Health Link, the company that runs the health care plans of members of the United States House of Representatives, which resulted in a congressional hearing when the personal information of 170,000 impacted individuals was published online.

Other IntelBroker-related events include breaches of Nokia, Cisco, Europol, Home Depot, and Acuity, as well as claimed breaches of AMD, the State Department, Zscaler, Ford, and General Electric Aviation.

HPE was also penetrated in 2018, when APT10 Chinese hackers allegedly accessed parts of its networks and exploited the access to break into consumer devices.

More recently, in 2021, the tech behemoth revealed that the data vaults of its Aruba Central network monitoring software had also been infiltrated, allowing attackers to obtain information about monitored devices and locations.

HPE also disclosed a year ago that its Microsoft Office 365 email infrastructure was penetrated in May 2023 by attackers thought to be members of the APT29 hacking organization, which is affiliated with Russia's Foreign Intelligence Service (SVR).

Source: BleepingComputer
