HPE investigates new breach after data for sale on hacking forum

Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.

The company has told BleepingComputer that they have not found any evidence of a security breach and no ransom has been requested, but it is investigating the threat actor’s claims.

“We are aware of the claims and are investigating their veracity,” HPE’s Sr. Director for International Communications Adam R. Bauer told BleepingComputer on Thursday.

“At this time we have not found evidence of an intrusion, nor any impact to HPE products or services. There has not been an extortion attempt.”

When asked to provide additional details regarding the company’s ongoing investigation, Bauer said they had “nothing new to share.”

IntelBroker, the threat actor selling the alleged HPE data, shared screenshots of some of the supposedly stolen HPE credentials but has yet to disclose the source of the information or the method used to obtain it.

“Today, I am selling the data I have taken from Hewlett Packard Enterprise,” the threat actor says in a post on the hacking forum.

“More specifically, the data includes: CI/CD access, System logs, Config Files, Access Tokens, HPE StoreOnce Files (Serial numbers warrant etc) & Access passwords. (Email services are also included).”

IntelBroker selling allegedly stolen HPE credentials (BleepingComputer)

IntelBroker is best known for the breach of DC Health Link, which led to a congressional hearing after it exposed the personal data of U.S. House of Representatives members and staff.

Other cybersecurity incidents linked to IntelBroker are the breach of the Weee! grocery service and an alleged breach of General Electric Aviation.

Russian hackers breach HPE corporate email accounts

This investigation comes after HPE disclosed two weeks ago that the company’s Microsoft Office 365 email environment was breached in May 2023 by hackers the company believed to be part of the Russian APT29 hacking group linked to Russia’s Foreign Intelligence Service (SVR).

The company said the Russian hackers stole SharePoint files and data from its cybersecurity team and other departments and maintained access to its cloud infrastructure until December, when HPE was again alerted of a breach of its cloud-based email environment.

“On December 12, 2023, HPE was notified that a suspected nation-state actor had gained unauthorized access to the company’s Office 365 email environment. HPE immediately activated cyber response protocols to begin an investigation, remediate the incident, and eradicate the activity,” HPE told BleepingComputer.

“Through that investigation, which remains ongoing, we determined that this nation-state actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

Days before HPE’s Russian hack disclosure, Microsoft revealed a similar breach where APT29 breached some of its corporate email accounts belonging to its leadership team and employees in the cybersecurity and legal departments.

Microsoft later shared that the threat actors gained access to the corporate email accounts after hacking into a misconfigured test tenant account by brute forcing its password in a “password spraying” attack.

HPE was also breached in 2018 when APT10 Chinese hackers also hacked into IBM’s networks and used the access to hack into their customers’ devices.

More recently, HPE disclosed in 2021 that data repositories of its Aruba Central network monitoring platform had been compromised, enabling attackers to access data about monitored devices and their locations.
