Hewlett Packard Enterprise (HPE) is investigating the possibility of a new breach after threat actors put up allegedly stolen data for sale on hacking forums, claiming it contained HPE credentials and other sensitive information.
The company told BleepingComputer it had found no evidence of a security breach and no ransom was demanded, but said it was investigating the attackers’ claims.
Adam R. Bauer, HPE’s senior director of global communications, told BleepingComputer on Thursday: “We are aware of the allegations and are investigating their veracity.”
“At this time, we have found no evidence of an intrusion, no impact to HPE products or services, and no extortion attempts.”
When asked for further details about the company’s ongoing investigation, Bauer said, “I have nothing new to share.”
IntelBroker, the threat actor selling the HPE data, has shared screenshots of some of the allegedly stolen HPE credentials, but has not yet disclosed its source or how it obtained the information.
“Today I will be selling data obtained from Hewlett Packard Enterprise,” the attacker said in a post on a hacking forum.
“More specifically, data includes CI/CD access, system logs, configuration files, access tokens, HPE StoreOnce files (such as serial number endorsements), and access passwords. (Also includes email services.)”
IntelBroker is best known for the DC Health Link breach, which led to Congressional hearings after exposing the personal data of U.S. House members and staff.
Other cybersecurity incidents related to IntelBroker are the breach of the Weee! grocery service and an alleged breach of General Electric Aviation.
Russian hackers break into HPE company email accounts
The investigation comes after HPE announced two weeks ago that its Microsoft Office 365 email environment was compromised in May 2023 by hackers the company believes are part of the APT29 hacking group associated with the Russian Foreign Intelligence Service (SVR).
The company said the Russian hackers stole SharePoint files and data from the company’s cybersecurity team and other departments, and maintained access to the company’s cloud infrastructure until December, when HPE was again alerted to a breach of its cloud-based email environment.
“On December 12, 2023, HPE was notified that a suspected nation-state attacker had gained unauthorized access to the company’s Office 365 email environment. HPE immediately activated cyber response protocols and launched an investigation, remediated the incident, and eradicated the activity,” HPE told BleepingComputer.
“Through our ongoing investigation, we have determined that this nation-state actor accessed and stole data from a small number of HPE mailboxes belonging to individuals in our cybersecurity, market development, and business departments since May 2023.”
Days before HPE’s revelations of the Russian hack, Microsoft disclosed a similar breach in which APT29 penetrated some corporate email accounts belonging to the company’s executives and employees in its cybersecurity and legal departments.
Microsoft later revealed that attackers hacked into a misconfigured test tenant account and gained access to corporate email accounts by brute-forcing passwords in a “password spray” attack.
HPE was also compromised in 2018 when APT10 Chinese hackers infiltrated IBM’s network and used that access to compromise customer devices.
More recently, HPE revealed in 2021 that the data repository of its Aruba Central network monitoring platform was compromised, allowing attackers to access data about monitored devices and their locations.