In a new SEC disclosure, Hewlett Packard Enterprise (HPE) announced on Wednesday that it fell prey to the same Russian intelligence group, known as Midnight Blizzard or Cozy Bear, that recently breached Microsoft's email system. This disclosure comes just a week after Microsoft reported a similar intrusion, putting the spotlight back on this notorious hacking group.
HPE's cloud-based email system was the primary target, with the breach initiating in May 2023. The hackers successfully accessed and extracted data from a small yet significant fraction of HPE mailboxes. These mailboxes belonged to key personnel in cybersecurity, go-to-market, business segments, and other critical functions within the company. Fortunately, HPE has stated that these breaches have not had a material impact on the company so far.
The hacking group behind these attacks is the same one that executed the infamous SolarWinds hack in 2020. Both the U.S. Cybersecurity and Infrastructure Security Agency and Microsoft have previously identified this group as being connected to the Russian foreign intelligence service SVR.
HPE's situation underscores a critical reality in today’s digital landscape – no organization, no matter how sophisticated, is immune to cybersecurity threats. With recent U.S. Securities and Exchange Commission rules mandating companies to disclose material cybersecurity incidents, the need for robust digital defenses has never been more evident.
As the investigation continues, HPE is closely working with law enforcement and will provide necessary regulatory notifications. This incident serves as a reminder of the escalating cyber threats in the global digital arena, especially from state-sponsored actors.
