Hewlett Packard Enterprise (HPE) is investigating a potential data breach following claims made by a threat actor known as IntelBroker, who alleges to have stolen HPE credentials and is offering them for sale on a cybercrime forum. HPE denies evidence of an intrusion and any impact on its products or services. No ransom demand has been reported. 

IntelBroker, previously linked to other cybersecurity incidents, has provided screenshots of claimed HPE credentials. HPE's recent disclosure reveals a separate cyber incursion in May 2023, where Russian hackers, associated with APT29, infiltrated HPE's Microsoft Office 365 email system. 

The breach extended to HPE's cloud infrastructure, with unauthorised access lasting until December. HPE states that a nation-state actor accessed and exfiltrated data, primarily affecting a small percentage of mailboxes related to cybersecurity and business segments. 

This incident follows similar breaches reported by Microsoft. HPE had also faced security breaches in 2018 (linked to APT10) and 2021 (Aruba Central platform compromise). The current data for sale is reported to be from a testing environment, suggesting potentially lower sensitivity compared to operational environments.