IntelBroker, zjj, and EnergyWeaponUser are Allegedly Selling the Data of Hewlett Packard Enterprise (HPE)

Quick Facts

Victim Organization: Hewlett Packard Enterprise (HPE)
Victim Country: USA
Industry: Technology
Reported Breach Date: January 16, 2025
Threat Actor: IntelBroker, zjj, EnergyWeaponUser
Type of Attack: Data Breach
Claim: https://breachforums.st/Thread-SELLING-Hewlett-Packet-Enterprise
Data Exfiltrated: Private GitHub repositories, Docker builds, SAP Hybris, certificates (private and public keys), product source codes, API access credentials, WePay integration, self-hosted GitHub repositories, and user PII.

Description

The threat actor known as IntelBroker has claimed responsibility for a significant breach involving Hewlett Packard Enterprise (HPE). According to their post on a darknet forum, the actor has gained access to critical systems and exfiltrated data over a two-day period. The compromised information reportedly includes private repositories, development environments, and sensitive user information.

The evidence shared includes:

Source code repositories for proprietary technologies like Zerto and iLO.
API and WePay access credentials.
Certificates used in public and private infrastructure setups.
Personally identifiable information (PII) for past customers.

The post also highlights screenshots of internal systems and documentation to support their claims.

Compromised Data

Private Repositories: GitHub-hosted and self-hosted repositories containing sensitive product development details.
Certificates: Public and private keys used in HPE’s services.
User PII: Data on old customer deliveries, including names, addresses, and other identifiers.
Integration Details: API systems and WePay payment gateway access.
Other Data: SAP Hybris documentation, Docker builds, and proprietary codebases.

Details

The actor claims they were able to connect to several HPE services, extracting highly sensitive data over the span of two days. IntelBroker, known for targeting large enterprises, has shared screenshots that allegedly demonstrate access to backend systems and API endpoints.

The post highlights the compromise of services critical to HPE's operations:

Integration Systems: Details about SAP Hybris and internal workflow integrations were exposed.
Access Credentials: Leaked passwords and user credentials suggest a potential for further exploitation.
API Access: Compromised endpoints could allow additional data exfiltration or disruption.

Implications

This breach could have far-reaching consequences:

Intellectual Property Theft: Exposure of product source codes for technologies like Zerto and iLO risks competitors gaining access to HPE's proprietary solutions.
Customer Trust: Leaked customer PII and delivery records could damage HPE’s reputation among its clients.
Operational Disruption: With access to API systems and certificates, threat actors might exploit vulnerabilities to disrupt HPE’s services.

Recommendations for Hewlett Packard Enterprise

Incident Response: Immediately assess the extent of the breach and mitigate further access.
Credential Management: Revoke and rotate all API keys, certificates, and access credentials.
Data Security Audit: Conduct a comprehensive review of security controls in repositories, development systems, and APIs.
Customer Notification: Alert affected customers about the breach and provide resources for data protection.
Threat Monitoring: Monitor dark web forums for further postings or transactions related to the compromised data.

Conclusion

This breach highlights the persistent threat posed by advanced threat actors targeting major enterprises. HPE's compromised repositories, certificates, and user data present significant risks to their operations and customer trust. The organization must act swiftly to address vulnerabilities, secure systems, and minimize potential fallout.