Hacker IntelBroker claims to have infiltrated Hewlett Packard Enterprise (HPE) and exposed sensitive data including source code, certificates, and PII, which is now being sold online.
The notorious IntelBroker hacker and his associates have claimed responsibility for a breach at Hewlett Packard Enterprise (HPE), a Houston, Texas-based global company that provides technology solutions to enterprises.
The hacker, who has previously been implicated in several high-profile data breaches, is now selling the allegedly stolen data, using Monero to maintain anonymity and untraceability. (XML) Requesting payment in cryptocurrency.
This was revealed by the hacker himself on Hackread.com and later published on Breach Forums, a cybercrime and data breach forum run by the hacker. In an exclusive conversation with Hackread.com, IntelBroker said the breach was the result of a direct attack on HPE’s infrastructure and did not include compromising third-party access, as is common in recent attacks. claimed that it was not.
What does the allegedly stolen data contain?
IntelBroker also shared a data tree and two screenshots purportedly taken from the company’s internal infrastructure. The data tree analyzed by Hackread.com appears to refer to a development or system environment that involves both open source software and proprietary package management systems.
In addition, hackers have access to sensitive data including source code, private GitHub repositories, Docker builds, certificates (both private and public keys), product source code belonging to Zerto and iLO, and user data such as old PII related to shipping. He claims to have extracted the . Get access to APIs, WePay, self-hosted GitHub repositories, and more.
Hackread.com’s initial analysis of the alleged data tree made several findings consistent with the hackers’ claims. The directory structure contains private keys and certificates such as ca-signed.key and hpe_trusted_certificates.pem, indicating potential exposure to sensitive cryptographic material.
Source code exists for HPE products such as iLO and Zerto, and files such as ilo_client.py and zerto_bootstrapper.py suggest leaked proprietary implementations. References to .github directories and .tar archives in private repositories further indicate compromised development assets.
Additionally, the presence of files such as VMW-esx-7.0.0-hpe-zertoreplication.zip and ZertoRunner.exe indicates that compiled software packages and deployment files may be compromised. If verified by HP, this could be a major security incident.
The following image combines two screenshots shared by the hacker and provides detailed insight into Hewlett Packard Enterprise’s internal systems. The first screenshot shared by the hacker shows details of Hewlett Packard Enterprise’s internal SignonService web service. This image shows the service’s endpoint address, WSDL link, and implementation class, potentially exposing sensitive infrastructure information.
The second screenshot reveals sensitive configuration details from Hewlett Packard Enterprise’s internal systems. This image exposes credentials for Salesforce and QID integration, an internal URL for the SAP S/4 HANA quoting service, and a placeholder email address for error logs, indicating a serious security vulnerability within the HPE infrastructure. gender may be exposed. ”
What is the difference between HPE and HP?
Although the names Hewlett-Packard Enterprise (HPE) and HP Inc. are often used interchangeably, they are two different companies with different focuses. In 2015, Hewlett-Packard was split into two separate entities. HP Inc. continues to specialize in consumer products such as laptops, desktops, and printers, while Hewlett-Packard Enterprise (HPE) provides enterprise-level IT solutions such as servers, storage, networking, and cloud computing. We are focusing on
Both companies are independent, with independent ownership and management. It is important to mention this distinction because the reported breach specifically targets HPE and not HP Inc.
HPE and cybersecurity incidents – not a one-off
This is not the first time HPE has faced a cybersecurity incident. In January 2024, the company disclosed to the SEC that Russian state-sponsored hackers associated with Midnight Blizzard (also known as Cozy Bear) had infiltrated its servers. The attack, which began in May 2023, targeted a small number of HPE mailboxes belonging to employees in cybersecurity, go-to-market, business departments, and other critical roles, resulting in data theft.
Immediately after the CICSO incident
Intel Broker is known for large-scale data breaches. In October 2024, hackers announced they had broken into Cisco and stolen terabytes of data. Cisco later confirmed that the stolen data came from a public DevHub resource that was exposed without password protection and was misconfigured for hackers to download.
In November 2024, hackers claimed to have infiltrated Nokia through a third-party contractor. The data was sold for $20,000. The same hacker boasted about breaking into AMD (Advanced Micro Devices, Inc.) and stealing employee and product information.
This is a developing story. Hackread.com is closely monitoring the situation and will provide updates as new information becomes available. Please stay tuned for further information.
Related topics
Hackers leak details of over 10,000 Dell employees Acer data breach: Hackers sell 160GB of stolen data Dell discloses data breach as hackers sell 49 million user data including SSN National public data records dumped online Trello data breach: hackers dump personal information of millions of users
Hackers steal call records and text messages of ‘nearly all’ AT&T customers
