Russian hackers, suspected to be state-backed, have recently gained unauthorized access to Hewlett Packard Enterprise’s cloud-based email system. The breach resulted in the theft of data from cybersecurity and other employees. The company, a provider of information technology products and services, disclosed the intrusion in a Securities and Exchange Commission regulatory filing on January 19th, 2024. Based in Spring, Texas, the company stated that it was notified of the intrusion on January 12th and believes that the hackers are associated with Cozy Bear, a unit of Russia’s SVR foreign intelligence service.
This recent incident is part of a larger trend of cyber intrusions by Cozy Bear, as Microsoft also reported a similar breach in its corporate network on January 12th, 2024. The Redmond, Washington-based tech giant confirmed that the breach, which began in late November, was attributed to the same Russian hacking group. These cyberattacks have targeted accounts of senior executives as well as cybersecurity and legal employees.
Cozy Bear, the group behind the infamous SolarWinds breach, specializes in stealth intelligence-gathering activities directed towards Western governments, IT service providers, and think tanks in the U.S. and Europe. The breach at Hewlett Packard Enterprise is believed to have resulted in the unauthorized access and exfiltration of data from a small percentage of HPE mailboxes belonging to individuals in various segments of the company.
According to a company spokesman, the compromised mailboxes were running Microsoft software, indicating the extent of the breach and its potential impact. The intrusion is suspected to be linked to earlier activity by the same threat actor, of which HPE was initially notified in June 2023. That prior incident involved unauthorized access to and exfiltration of a limited number of SharePoint files; SharePoint is part of the Microsoft 365 suite.
While the exact details and scope of the breach are still under investigation, HPE has stated that it has not identified any material impact on its operations or financial health as a result of this security incident. This assurance comes on the heels of a new U.S. Securities and Exchange Commission rule that requires publicly traded companies to promptly disclose breaches that could adversely affect their business. This rule, which took effect recently, gives companies a four-day window to make such disclosures unless they obtain a national-security waiver.
Hewlett Packard Enterprise, which was spun off from Hewlett-Packard Inc. in 2015, has found itself at the center of this cybersecurity breach, underscoring the persistent threat posed by state-backed hackers to corporate networks and sensitive data. As the company continues to investigate the full extent of the breach and assess the potential repercussions, the broader implications of this incident on the cybersecurity landscape remain a topic of concern and scrutiny.