Hacker's assertion under investigation regarding a vast collection of confidential HPE data
Hewlett Packard Enterprise (HPE) has been targeted by the infamous hacker group IntelBroker as part of a series of high-profile cyberattacks, according to recent reports. The breach, which occurred in January 2025, is part of a broader pattern of intrusions attributed to IntelBroker, who has been linked to over 400 organizations, many based in the U.S., and has posted more than 80 separate leaks on BreachForums.
The cyberattack on HPE impacted a limited portion of the company's SharePoint and mailbox environments. The data allegedly involved includes private GitHub repositories, Docker builds, source code, and other sensitive information. Upon learning of the claim, HPE activated cyber response protocols and launched an investigation.
IntelBroker, also known as Kai West, has been a figure of concern for law enforcement agencies for some time. In the past year, the hacker has been linked to a number of high-profile attacks, including breaches at Los Angeles International Airport, DC Health Link, AMD, Cisco, Nokia, Weee grocery chain, and Europol. Collectively, these breaches are estimated to have caused over $25 million in damages, according to the US Department of Justice.
West was identified and tracked by the FBI through a combination of email, cryptocurrency wallets, YouTube activity, and operational mistakes that revealed his real identity in the UK. West was arrested in France and faces multiple federal charges in the US, including wire fraud, conspiracy to commit wire fraud, conspiracy to commit computer intrusions, and unauthorized access to protected computers.
The investigation into IntelBroker's claims is ongoing to determine their validity. While HPE has not yet confirmed whether the claims made by IntelBroker are valid, the company has disabled related credentials as part of the investigation. Researchers have noted that IntelBroker has a tendency to inflate claims related to past threat activity, and it is advised to remain skeptical of sweeping claims made by the hacker group.
Despite the ongoing investigation, the group's history of exploiting assets in public-facing applications to gain initial access raises concerns about potential future attacks. At this time, there is no operational impact to HPE's business, nor evidence that customer information is involved. The company continues to cooperate with law enforcement agencies and cybersecurity experts to address the situation and protect its networks.
The ongoing cyberattack on Hewlett Packard Enterprise (HPE) by IntelBroker, a hacker known for multiple high-profile attacks, has raised concerns about potential future cybersecurity breaches, particularly in data and cloud computing environments. HPE, in conjunction with law enforcement agencies and cybersecurity experts, is actively investigating the breach, which involved private GitHub repositories, Docker builds, source code, and other sensitive information, to determine the validity of IntelBroker's claims, protect its networks, and ensure technology and business continuity.