Advertisement
In a recent revelation, Hewlett Packard Enterprise (HPE) has confirmed that its cloud-based email system fell victim to a cyber attack orchestrated by the Russian state-sponsored hacking group known as Midnight Blizzard, also recognized as Cozy Bear or APT29. The enterprise technology giant disclosed this security breach in a regulatory filing, shedding light on the compromise that occurred in May 2023 and continued until December of the same year.
According to HPE, the threat actor accessed and exfiltrated data from a small percentage of HPE mailboxes belonging to individuals in crucial departments such as cybersecurity, go-to-market, business segments, and other functions. The company stated that the incident is currently under investigation, with suspicions that it may be linked to a previous breach in June 2023, where a limited number of SharePoint files were compromised.
“We immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity,” HPE reported in the filing. “Upon undertaking such actions, we determined that such activity did not materially impact the Company.”
The cybersecurity breach at HPE bears similarities to the recent attack on Microsoft by the same Russian intelligence group. In January, Microsoft announced that high-ranking executives had their email accounts compromised by Midnight Blizzard, also known as Nobelium. Notably, this hacking group was responsible for the infamous SolarWinds breach in 2020, which targeted a government supplier.
Both the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Microsoft have previously linked Midnight Blizzard with the Russian foreign intelligence service SVR. The disclosure by HPE and Microsoft comes in the wake of newly enacted U.S. Securities and Exchange Commission rules, mandating companies to disclose material cybersecurity incidents promptly.
HPE reassured stakeholders that, as of now, the cyber attack has not had a material impact on the company, and they have not determined the incident to be reasonably likely to materially impact financial health or operations. The company is actively working with law enforcement and vows to provide regulatory notifications if required as the investigation progresses.
The cybersecurity landscape continues to evolve, with state-sponsored hacking groups posing a persistent threat to organizations worldwide. HPE’s acknowledgment of the breach underscores the importance of robust cybersecurity measures and heightened vigilance in the face of increasingly sophisticated cyber threats.