HPE probes IntelBroker's bold data theft boasts

Incident response protocols engaged following claims of source code burglary


Hewlett Packard Enterprise (HPE) is probing assertions made by prolific Big Tech intruder IntelBroker that they broke into the US corporation's systems and accessed source code, among other things.

In a statement sent to The Register, HPE confirmed it was informed of the cyber criminal's claims late last week:

"HPE became aware on January 16 of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE. HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims.

"There is no operational impact to our business at this time, nor evidence that customer information is involved."

The attacker is selling the allegedly stolen data on a cybercrime forum, claiming to offer access to HPE source code taken from private GitHub repos, Docker builds, and SAP Hybris.

IntelBroker also claims that personally identifiable information (PII) of users is up for grabs, taken from old delivery records, and boasts they will sell access to APIs, WePay, self-hosted GitHub repos, and more.

The spokesperson did not respond to specific questions regarding the nature of the potentially affected data types.

As is the case with all claims made by career criminals, take them with a pinch of salt. The truth is often stretched, if there is any at all.

However, in the case of IntelBroker, the criminal fairly often makes good on their promises, albeit with some facts exaggerated here and there.

Europol, for example, confirmed its Platform for Experts was involved in an incident claimed by IntelBroker in May 2024. This followed claims that data was stolen from the Pentagon and other security agencies via consulting biz Acuity a month earlier. Acuity confirmed it was attacked but said no sensitive data was involved.

Days after the Pentagon claims, IntelBroker allegedly went after Home Depot, which later confirmed its employees' personal data was accessed. Other alleged attacks include those on AMD, Apple, Korea's Ministry of Defense, and the US Army.

IntelBroker is an admin of the cybercrime forum to which HPE's alleged data was posted and is also a known member of the Valhalla doxxing gang, which has associations with some of the more grisly types of cybercriminals out there.

Cybersecurity outfit Kela published an investigation into IntelBroker earlier this month, suggesting the group may also be part of the AgainstTheWest cybercrime group, which is known for attacking Chinese targets.

Kela also noted the attacker's sophisticated tactics and their reliance on a logless VPN service, which suggested their possible locations were Serbia, Amsterdam, or Virginia.

"IntelBroker represents the sophistication of today's cybercriminals – blending technical skill with strategic anonymity," the report reads. ®
