Hewlett Packard Enterprise was forced to admit this week that it had been a target of suspected state-backed Russian hackers. The hackers were able to breach the company’s cloud-based email system and steal data from employees, including cybersecurity personnel.
According to a filing with the Securities and Exchange Commission, the intrusion was discovered on January 12th, with the company suspecting that the hackers were from Cozy Bear, a unit of Russia’s SVR foreign intelligence service. The attack came shortly after Microsoft reported a similar intrusion into its corporate network, also blaming Cozy Bear for the breach.
Cozy Bear is notorious for its involvement in the SolarWinds breach and focuses on gathering intelligence from Western governments, IT service providers, and think tanks in the U.S. and Europe. The group has been known for conducting stealth intelligence-gathering operations.
Hewlett Packard Enterprise revealed that the threat actor accessed and exfiltrated data from a small percentage of HPE mailboxes beginning in May 2023. The affected mailboxes belonged to individuals in the cybersecurity, go-to-market, business segments, and other functions of the company.
An HPE spokesman declined to say who informed the company of the breach, stating that the company was not sharing that information at the time. The company also stated that the compromised mailboxes were running Microsoft software. HPE added that the intrusion was “likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files.”
Despite the breach, HPE asserted that the hack had no material impact on its operations or financial health. The company has been investigating the incident and has yet to determine the full scope of mailboxes and emails accessed by the hackers.
The disclosure of the breach comes on the heels of a new rule by the U.S. Securities and Exchange Commission, mandating that publicly traded companies disclose, within four days of discovery, breaches that could negatively impact their business, unless they obtain a national security waiver.
HPE was spun off from Hewlett-Packard Inc. in 2015 and has since prioritized data security to prevent similar breaches from occurring in the future. The company, based in Spring, Texas, has been working to assess and mitigate the impact of the breach, and is committed to safeguarding its network from future cyber threats.