Hewlett Packard Enterprise has been hacked, after its cloud-based email system was compromised by suspected state-backed Russian hackers.

The disclosure was made in a regulatory filing, in which HPE admitted that “the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

Redmond, Washington-based HPE identified the hackers as the nation-state actor Midnight Blizzard, also known as Cozy Bear – a unit of Russia’s SVR foreign intelligence service.

Nation-state hackers

Midnight Blizzard is also known as Nobelium, APT29 or Cozy Bear. The group was behind the SolarWinds hack, which gave it access to the systems of nine US federal agencies, along with numerous private enterprises, back in 2020 and 2021.

HPE in its filing said that on 12 December 2023, it “was notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorised access to HPE’s cloud-based email environment.”

It said that, with assistance from external cybersecurity experts, it immediately activated its response process to investigate, contain, and remediate the incident, eradicating the activity.

“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” said the firm.

“While our investigation of this incident and its scope remains ongoing, the Company now understands this incident is likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorised access to and exfiltration of a limited number of SharePoint files as early as May 2023,” it said.

HPE said that following the notice in June, it immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity.

“Upon undertaking such actions, we determined that such activity did not materially impact the Company,” it said. “We have notified and are cooperating with law enforcement and are also assessing our regulatory notification obligations, and we will make notifications as appropriate based on our investigation findings.”

Tech veteran

It comes after Microsoft earlier this month discovered an intrusion of its corporate network on 12 January, which began in late November and which was also blamed on Cozy Bear.

A couple of weeks ago HPE had announced it is acquiring Juniper Networks for $14 billion in cash, in a move to bolster its AI networking credentials.

HPE itself was created in the 2015 split of Hewlett-Packard, which saw HPE concentrating on enterprise software and networking, whereas HP focused on making PCs, laptops and printers.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
