HPE, also known as Hewlett Packard Enterprise, has recently revealed that it was the victim of a cyberattack believed to have been carried out by Cozy Bear, a Russian nation-state actor notorious for similar attacks on other high-profile organizations, such as the recent attack on Microsoft. This disclosure was made in an 8-K filing that HPE submitted to the U.S. Securities and Exchange Commission on January 24th.

According to the filing, HPE was notified on December 12th that a suspected nation-state actor, believed to be Cozy Bear, had gained unauthorized access to HPE’s cloud-based email environment. This led HPE to immediately consult with external cybersecurity experts and launch an investigation in an attempt to contain the breach and determine the extent of the unauthorized access. Cozy Bear, also known as APT29, Midnight Blizzard, and Nobelium, is an advanced persistent threat group associated with the Russian government’s Foreign Intelligence Service. They have a history of carrying out high-profile cyberattacks, such as the 2020 supply-chain attack against SolarWinds.

The filing also disclosed that HPE believes the unauthorized access and data exfiltration by Cozy Bear began in May 2023, affecting a small percentage of HPE mailboxes belonging to individuals in various segments of the company. Furthermore, HPE revealed that this incident was related to earlier activity conducted against the company earlier in the year.

While HPE’s investigation into the incident remains ongoing, the company stated that it understands the incident is likely related to earlier activity by this threat actor, which the company was notified of in June 2023. Following this notice, HPE took immediate action and worked with external cybersecurity experts to contain and mitigate the unauthorized access to a limited number of SharePoint files. HPE also indicated that it is cooperating with law enforcement and will make regulatory notifications as appropriate.

This cyberattack on HPE follows a similar attack on Microsoft, which was recently disclosed by the tech giant. In Microsoft’s case, Cozy Bear gained access by using a password spray attack against a legacy non-production test tenant account to gain a foothold in the network before elevating privileges and accessing a very small percentage of Microsoft corporate email accounts.

As a precaution and in compliance with new regulatory disclosure guidelines, HPE filed the 8-K with the Securities & Exchange Commission to notify the regulatory body and investors about the incident. HPE assured that there has been no operational impact on its business, and to date, they have not determined that this incident is likely to have a material financial impact.

In a statement to TechTarget Editorial, a spokesperson for HPE reiterated that the company is continuing to investigate the incident and will make appropriate notifications as required. They also reassured that, despite the breach, there has been no operational impact on the business and that HPE is taking all necessary measures to address and mitigate the situation.

It is clear that cyberattacks from nation-state actors pose a significant threat to organizations worldwide, and HPE’s disclosure of the breach serves as a reminder of the importance of robust cybersecurity measures to protect against such attacks. As the investigation into the breach continues and the cybersecurity landscape evolves, it is essential for organizations to remain vigilant and proactive in safeguarding their digital assets from malicious actors.

Source link