In a recent turn of events, Hewlett Packard Enterprise (HPE) has revealed that their cloud-based email system was infiltrated by suspected Russian state-backed hackers. The cybersecurity and IT service providers disclosed in a Securities and Exchange Commission regulatory filing that they were made aware of the breach on January 12th, with the believed culprits being the Russian SVR foreign intelligence service’s Cozy Bear unit.
This news closely follows Microsoft’s report of a similar intrusion into their corporate network, also occurring on January 12th. The tech giant attributed the breach to Cozy Bear as well, indicating a trend of coordinated cyber attacks against major American companies.
It is noted in the filing that the Russian hackers gained access to and exfiltrated data from a small percentage of HPE mailboxes as far back as May 2023. The compromised email boxes were confirmed to be running Microsoft software, effectively linking the breach to the Cozy Bear attacks. Furthermore, HPE reported a prior unauthorized access to and exfiltration of a limited number of SharePoint files in June 2023, leading to suspicions of recurring activity by the threat actor.
Regarding this breach, HPE has cited an absence of a notable impact on its operations or financial health. Given the timing of these disclosures, they are in line with the newly-enforced U.S. Securities and Exchange Commission rule that directs public companies to promptly disclose any breaches that could potentially harm their business. This regulation requires companies to report within four days, unless they secure a national-security waiver.
HPE, which was separated from the well-known Hewlett-Packard Inc. in 2015, has emphasized that the investigation into the hack is ongoing, with no definitive information on the scope of the data accessed by the hackers. The company also refrained from offering details about the individuals whose accounts were compromised in the breach.
Given the recent wave of cyber attacks and data breaches plaguing major industry players, it is clear that cybersecurity remains a critical concern for corporations of all sizes. These incidents highlight the need for heightened security measures and continuous vigilance in the face of evolving cyber threats.
The breaches at HPE and Microsoft also underscore the growing threat posed by internationally-backed hacking operations, particularly those linked to nation-state actors like Russia’s Cozy Bear. With sophisticated entities targeting Western governments, IT service providers, and think tanks, it is evident that corporate entities must remain vigilant and prioritize robust cybersecurity measures to protect their data and systems from malicious intrusions.