Hewlett Packard Enterprise (HPE) revealed on Wednesday, Jan. 24, that it fell victim to a cyber attack orchestrated by a hacking group with ties to Russian intelligence (via Engadget).
The breach, disclosed in a Securities and Exchange Commission filing, has been linked to the notorious threat actor Midnight Blizzard, also known as Cozy Bear.
This same group was responsible for recent breaches at Microsoft, which targeted the email accounts of senior executives, and for the high-profile SolarWinds attacks affecting various government entities.
Notorious Hacker Group Targets HP Enterprise
The intrusion into HPE's cloud-based email system was first detected on Dec. 12, 2023. The cybercriminals, believed to be Cozy Bear, gained unauthorized access and managed to exfiltrate data.
While the company did not specify the nature of the stolen information, it acknowledged that a "small percentage" of email accounts, including those in the cybersecurity division, were compromised.
This incident is thought to be linked to a previous security breach in May 2023, in which the attackers managed to abscond with a "limited number" of files from SharePoint, a document management and collaboration platform for Microsoft 365. HPE has been working closely with external cybersecurity experts to investigate the breach's extent and impact.
Investigations Continue
HPE spokesperson Adam R. Bauer tells AP, "The total scope of mailboxes and emails accessed remains under investigation." The company cannot confirm a direct connection with Microsoft's data breach, reported last week, but both incidents share the common thread of Cozy Bear's involvement.
Microsoft disclosed a breach in late November, attributing it to the same Russian hacking group. The compromised accounts included those of senior Microsoft executives and employees in cybersecurity and legal departments.
Cozy Bear has a notorious history, having orchestrated the SolarWinds breach and drawn attention in 2020 when the National Security Agency accused the group of attempting to steal research on COVID-19 vaccines from the US, UK, and Canada.
The group focuses on stealth intelligence-gathering, with targets ranging from Western governments to IT service providers and think tanks in the US and Europe.
Despite the severity of the situation, HPE's preliminary assessment indicates no material impact on its operations. However, the company remains vigilant, investigating the incident and collaborating with law enforcement agencies.
The disclosure of this cyber attack underscores the persistent threat of state-sponsored actors in the digital domain. According to a 2023 survey of Chief Information Security Officers (CISOs) worldwide, seven out of ten organizations are vulnerable to a material cyberattack in the coming year (via Statista).
This figure has risen by 20% compared to the previous year. According to 84 percent of the surveyed officers from various industries, companies in the United Kingdom (UK) were at the highest risk of a cyberattack in 2023.