UPDATED 17:10 EDT / JANUARY 21 2025

SECURITY

HPE investigating potential breach after hacker claims to steal data

Hewlett Packard Enterprise Co. is investigating a potential breach of its network after a hacker offered to sell data purportedly stolen from the company.

TechCrunch reported the cyberattack today, citing a post on a cybercrime forum dated Jan. 16. In the post, a hacker with the username “IntelBroker” is offering to sell data stolen from HPE’s internal development environments. A year ago, the same hacker sought offers for another dataset purportedly exfiltrated from HPE’s systems.

The latest batch of stolen records reportedly includes some customers’ personally identifiable information. According to the hacker’s forum post, the information is related to HPE product deliveries. It’s unclear how many customers may be affected.

The hacker also claims to have stolen source code related to two HPE software products: Zerto and iLO.

Zerto is a data protection platform that the company obtained in 2021 through a $374 million startup acquisition. It can create backup copies of an organization’s files and recover them after an outage. Zerto also provides certain cybersecurity features, including a capability that detects when ransomware attempts to encrypt a company’s data.

The other product affected by the breach, iLO, is an administrative tool that HPE ships with its ProLiant servers. The software can check a server’s firmware before every boot to ensure it wasn’t tampered with by hackers. It also spots technical issues, generates alerts and provides troubleshooting advice for certain types of malfunctions.

Source code repositories are a major target for hackers because they can reveal vulnerabilities in software products. Such vulnerabilities, in turn, can be used to launch cyberattacks. This is particularly true for the source code of software tools that have access to back-end infrastructure such as servers or sensitive data.

Alongside Zerto and iLO code, the HPE breach reportedly affected a number of other internal assets. The hacker behind the cyberattack claims to have stolen Docker builds, or copies of containerized applications, along with access credentials to employee accounts in services such as GitHub and GitLab.

“HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims,” the company told TechCrunch in a statement. “There is no operational impact to our business at this time, nor evidence that customer information is involved.”

IntelBroker, the hacker behind the breach, offered to sell another dataset purportedly stolen from HPE last February. That file trove included information related to the company’s StoreOnce series of storage appliances, which are used to store backup files. The hacker also claims to have accessed internal passwords and the CI/CD environment that HPE uses to support its software development efforts. 

According to BleepingComputer, IntelBroker has targeted other enterprise technology companies as well. The list includes Advanced Micro Devices Inc., Cisco Systems Inc. and Nokia Corp. Nokia stated in November that the cyberattack affected a single application operated by a third-party supplier.
