Hewlett Packard Enterprise cloud email system breached by same Russian group that attacked Microsoft
Hewlett Packard Enterprise Co. (HPE) has fallen victim to a cyberattack, taken up by Russian group Midnight Blizzard, the same group that recently took on Microsoft and breached its executive email systems. HPE pointed fingers at the threat actor Midnight Blizzard, also known as Cozy Bear, a state-sponsored actor with ties to Russia, in a US SEC filing.
The breach was discovered on December 12, 2023, and the company believes data exfiltration started in May of the same year.
The cybersecurity incident affected a small percentage of HPE mailboxes, particularly those belonging to individuals in the cybersecurity, go-to-market, business segments, and other functions. The breach is believed to be related to an earlier attack by the same threat actor in June 2023, involving unauthorised access and exfiltration of SharePoint files. HPE stated that immediate actions were taken following the June incident, and it did not materially impact the company at that time.
While the investigation is ongoing, HPE has not observed any additional activity by the threat actor since eradicating their presence in December. The company is working with law enforcement and will notify affected individuals based on the findings of the investigation. As of now, the incident has not had a material impact on HPE’s operations, and the company does not deem it reasonably likely to materially impact its financial condition or results of operations.
The breach is another concerning development involving the Cozy Bear threat actor, which is also suspected of recently hacking into Microsoft’s corporate network. This brings to attention the need for enhanced cybersecurity measures and vigilance in the face of state-sponsored hacking groups.
The Cozy Bear group, affiliated with Russia’s Foreign Intelligence Service (SVR), has a notorious history, including the 2016 hacking of the Democratic National Committee and the SolarWinds cyberespionage effort in 2020. The incident involving HPE reinforces the importance of organisations implementing strong cybersecurity practices, including multifactor authentication and endpoint controls, to mitigate the risks associated with sophisticated cyber threats.