In a shocking revelation, Hewlett Packard Enterprise (HPE) announced on Wednesday that its cloud-based email system had been compromised by the infamous Russian state-sponsored hacking group known as Midnight Blizzard or Cozy Bear. This disclosure was made in a regulatory filing, wherein HPE stated that it was first notified about the breach in December 2023. The hackers managed to access and exfiltrate data from a small percentage of HPE mailboxes belonging to individuals in crucial departments such as cybersecurity, go-to-market, business segments, and other functions.
The recent attack on HPE seems to be closely related to another incident that occurred in June 2023. During that event, the hackers successfully compromised a limited number of SharePoint files as early as May 2023. Upon receiving notice in June, HPE promptly initiated an investigation with the help of external cybersecurity experts and swiftly implemented containment and remediation measures to eradicate the malicious activity. According to HPE, the breach did not cause any significant impact on the company’s operations or financial health.
HPE is currently conducting an extensive investigation into the breach, working closely with law enforcement agencies to uncover the full extent of the incident. The enterprise tech giant has assured stakeholders that it will provide regulatory notifications as required throughout the investigation. Although the hack has not had a material impact on HPE thus far, the situation remains concerning, given the sophisticated nature of the attack and the potential risks involved.
This recent breach adds to the growing list of cyberattacks perpetrated by the Russian hacking group. In January, Microsoft revealed that the same group, also known as Nobelium or APT29, had successfully compromised some of its high-ranking executives’ email accounts. The group’s notoriety skyrocketed in 2020 when it orchestrated the infamous breach of government supplier SolarWinds. The U.S. Cybersecurity and Infrastructure Security Agency, as well as Microsoft, have previously linked this state-sponsored hacking group to the Russian foreign intelligence service SVR.
The disclosure of HPE’s breach, along with Microsoft’s own cyber incidents, comes in the wake of new U.S. Securities and Exchange Commission rules requiring companies to report material cybersecurity breaches. This increased transparency aims to provide stakeholders with critical information about potential threats to organizations’ cybersecurity. The prompt disclosure and cooperation of companies like HPE and Microsoft are vital in enhancing industry-wide preparedness, as well as mitigating the risk of future cyberattacks.
As news of the breach spread, HPE’s shares remained relatively stable in after-hours trading on Wednesday, with no significant decline. HPE has taken swift action to address the issue, and its ongoing collaboration with law enforcement suggests its commitment to resolving the matter thoroughly. However, only time will tell the true impact of this breach on HPE’s reputation and customer trust.
HPE’s recent breach at the hands of the Russian state-sponsored hacking group serves as a stark reminder of the evolving cyber threat landscape. Organizations must remain vigilant and proactive in enhancing their security measures to protect against such sophisticated attacks. The disclosure of this breach, in compliance with regulatory requirements, plays a crucial role in bolstering transparency and enabling collective efforts to combat cyber threats.