HPE investigating breach claims involving source code: Report

The allegations of a breach come from a threat actor that had previously compromised an HPE test environment in early 2024

Hewlett Packard Enterprise acknowledged it is investigating claims by a threat actor that reportedly involve theft of source code.

While the IT infrastructure giant did not confirm that a data breach occurred, the allegations come from a threat actor that had previously compromised an HPE test environment in early 2024.

BleepingComputer reported Monday that a hacker known as IntelBroker has been attempting to sell information that was allegedly taken from HPE.

According to the report, the threat actor claimed to have stolen data including source code for HPE’s Zerto disaster recovery platform and integrated lights-out (iLO) server management software, as well as Docker builds and certificates.

The hacker claimed to have had access to HPE’s API, GitHub repositories and WePay for “at least two days,” the BleepingComputer report said.

In a statement provided to outlets including CRN, HPE acknowledged it has undertaken an investigation into the claims after becoming aware of the allegations last week.

“HPE became aware on 16 January of claims being made by a group called IntelBroker that it was in possession of information belonging to HPE,” the company said in the statement.

“HPE immediately activated our cyber response protocols, disabled related credentials, and launched an investigation to evaluate the validity of the claims.”

HPE, however, has seen "no operational impact to our business at this time, nor evidence that customer information is involved,” the company said in the statement.

A year ago, after the hacker known as IntelBroker claimed to be selling data belonging to HPE, the company confirmed that some of its data was impacted in a breach but said that the scope was not as extensive as claimed by the threat actor.

“The data at issue appears to be related to information that was contained in a test environment,” HPE said at the time.

HPE did not address questions from CRN about whether the new claims by this threat actor might be related to the 2024 incident.

This article originally appeared on CRN UK sister website CRN.