Hackers share chip photos allegedly stolen from HP subsidiary, Poly

Telecommunications giant Poly was listed on a dark web leak site that attackers use to showcase their latest victims. The Cybernews research team believes the gang's data sample includes the company's code or firmware. HP says it is investigating the attackers' claims.
- Hackers claim to have stolen 90GB of data from Poly, an HP subsidiary that develops video and voice collaboration platforms.
- Hackers shared screenshots of chip photos and code files on the dark web, potentially exposing sensitive Poly data.
- The gang used Poly's legacy name, Polycom, suggesting the attackers may have accessed older databases predating HP's 2022 acquisition of the company.
- HP confirmed it is investigating the claims but stated there is no evidence that HP's environment or customer data was compromised in the alleged breach.

The Everest ransomware cartel listed the company on its leak site, claiming to have obtained 90GB of data. However, the attackers refer to the victim as Polycom, a legacy name the company had already dropped in favor of Poly before it was acquired by HP in 2022.
“The leak of your internal company documents contains a huge variety of personal documents and information of clients,” attackers boasted on the dark web.
Poly develops video, voice, and content collaboration platforms for companies. It reported revenues of over $1.7 billion in 2021 and had a staff of more than 3,400.
HP shared a statement with Cybernews saying that it is aware of the claims and is investigating them.
“HP is aware of claims made of a potential exploit of a legacy Polycom environment. We are investigating these claims, and there is no evidence that HP’s environment or HP customer data was compromised. The security of our customers is a top priority, and we encourage all our customers to keep their systems up to date,” an HP spokesperson told Cybernews.
Meanwhile, the Cybernews research team examined the attackers' claims. According to the team, Everest did not share substantial data samples, only screenshots of the supposedly stolen data.
The gang employed the same tactic with another of its victims, the data management company Iron Mountain, which was posted on Everest’s dark web blog immediately after Poly.
However, the screenshots include what appear to be sensitive company details, such as lists of C and C++ source files. Researchers could not determine exactly what was uploaded, but the files could be source code or drivers for Polycom firmware.
In either case, leaking such data could significantly increase the company's exposure to cyberattacks.
Other screenshots show an RMX management system, part of the video conferencing line Poly offers, alongside a photo of a chip clearly labeled as manufactured by Polycom. The legacy name could indicate that the attackers accessed a database holding older data.
“Broadly speaking, the exposed source code and photos of hardware could be used for vulnerability. Screenshots of RMX management systems could indicate that the gang has credentials on their hands as well, but at this point we cannot confirm this,” the team explained.
Everest, the gang claiming both the Poly and the Iron Mountain breaches, is among the most notorious cyber cartels currently operating. Believed to be linked to Russia, the gang first emerged on the scene in July 2021.
Over the past year, Everest has targeted the multinational electronics giant ASUS, the Brazilian petroleum giant Petrobras, the Japanese auto manufacturing giant Nissan, and the fast food giant McDonald’s in India.
Updated on February 3rd [04:20 a.m. GMT] with a statement from HP.