top of page

Hacker Claims Theft of HPE Source Code: Investigation Launched

  • Writer: Cytopus
    Cytopus
  • Mar 4
  • 3 min read


Hacker Claims of the Data Theft

Hewlett Packard Enterprise (HPE) faces significant allegations made by the IntelBroker threat group, which is known for its high-profile cyberattacks. The hackers claim to have successfully breached HPE’s network, gaining unauthorized access to private GitHub repositories, sensitive source code, Docker builds, digital certificates, and even personal delivery information. IntelBroker had reportedly offered this stolen data for sale on the dark web, posing a significant threat to HPE’s intellectual property and operational security.


HPE's Immediate Response to the Threat

Afterward, HPE activated its cyber response protocols and launched a sophisticated investigation to determine whether the claims were real. Within it, the company has reassured stakeholders that there was no operational impact or evidence of customer information being involved.


"HPE immediately activated our cyber response protocols,” a spokesperson said, emphasizing

the absence of distributions to its business operations at this time.


IntelBroker's Growing Activity

IntelBroker is believed to be led by a Serbian hacker operating from Russia, who has been associated with numerous cyberattacks against major organizations. Notable victims include Apple, Europol, Nokia, Cisco, and DC Health Link. In those many cases, IntelBroker’s claims have been downplayed by targeted persistence and willingness to release additional data have stoned its reputation as a formidable threat actor.


HPE's History of Cybersecurity Challenges

This is not the first encounter with IntelBroker or other sophisticated threat groups for HPE:

  • In February 2024, IntelBroker alleged a similar breach of HPE’s systems which the company investigated but found no conclusive evidence of a security breach;

  • In May 2023, HPE’s Microsoft Office 365 environment was reportedly breached by APT29, linked to Russia’s Foreign Intelligence Service;

  • In 2018, HPE dealt with major incidents and a breach initiated by the Chinese hacking group APT10;

  • In 2021, there was a compromise of the Aruba Central platform, which exposed monitored device data and its locations.


Possible Compliance Negligence and Legal Consequences

If the current allegations are substantiated, HPE could face significant scrutiny over compliance lapses, particularly regarding global cybersecurity frameworks such as ISO 27001, GDPR, and U.S. federal regulations. The failure to secure sensitive data, such as source code and certificates, could result in regulatory fines, loss of customer trust, and reputational damage. The recurring nature of these incidents may also lead to allegations of negligence in safeguarding critical digital assets and maintaining sufficient threat detection mechanisms.


How Cytopus Can Help My Business?

If you want to reduce the likelihood of such incidents as HPE's recent one, we can assist you in the following areas:

  • Continuous Monitoring and Threat Detections: At Cytopus we provide centralized security monitoring solutions to detect unusual activities across your systems and networks, reducing the risk of data breaches and fast responses to unauthorized accesses.

  • Business Continuity and Disaster Recovery Planning: Cytopus helps you to design and implement robust plans to ensure uninterrupted operations during cyberattacks or other disruptions. In addition to that, we create and test comprehensive disaster recovery strategies tailored to your infrastructure.

  • Incident Handling Readiness and Post-Incident Investigation: We can assess your company's preparedness to effectively manage and respond to ransomware incidents. In addition to that, we would investigate an attack to identify weaknesses and prevent future incidents.

  • Compliance and Regulatory Alignment: We help your business to stick to essential standards like the General Data Protection Regulation (GDPR), the Cyber Resilience Act (CRA), and industry-specific frameworks such as the Health Insurance Portability and Accountability Act (HIPAA). Moreover, our experts conduct thorough compliance audits to identify gaps and vulnerabilities within your security practices.

  • Vulnerability Management and Risk Assessment: Regular assessments ensure vulnerabilities in your IT landscape are identified and addressed before attackers exploit them. Furthermore, we assist in developing strategies like patch management and access segmentation to reduce attack surfaces

bottom of page