Regulatory filing by Hewlett Packard Enterprise reveals suspected state-backed Russian hackers breached its cloud email system
Hewlett Packard Enterprise has been hacked, after its cloud-based email system was compromised by suspected state-backed Russian hackers.
The disclosure was made in a regulatory filing, in which HPE admitted that “the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”
Redmond, Washington-based HPE identified the hackers as being the nation-state actor, Midnight Blizzard, also known as Cozy Bear – a unit of Russia’s SVR foreign intelligence service.
Midnight Blizzard is also known as Nobelium, APT29 or Cozy Bear. The group was behind the SolarWinds hack, which gave it access to the systems of nine US federal agencies, along with numerous private enterprises, back in 2020 and 2021.
HPE in its filing said that on 12 December 2023, it “was notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorised access to HPE’s cloud-based email environment.”
It said that, with assistance from external cybersecurity experts, it immediately activated its response process to investigate, contain, and remediate the incident, eradicating the activity.
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” said the firm.
“While our investigation of this incident and its scope remains ongoing, the Company now understands this incident is likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorised access to and exfiltration of a limited number of SharePoint files as early as May 2023,” it said.
HPE said that following the notice in June, it immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity.
“Upon undertaking such actions, we determined that such activity did not materially impact the Company,” it said. “We have notified and are cooperating with law enforcement and are also assessing our regulatory notification obligations, and we will make notifications as appropriate based on our investigation findings.”
It comes after Microsoft earlier this month discovered an intrusion of its corporate network on 12 January, which began in late November and which was also blamed on Cozy Bear.
A couple of weeks ago, HPE announced it is acquiring Juniper Networks for $14 billion in cash, in a move to bolster its AI networking credentials.