HPE's cloud-based email system was the primary target, with the breach initiating in May 2023. The hackers successfully accessed and extracted data from a small yet significant fraction of HPE mailboxes. These mailboxes belonged to key personnel in cybersecurity, go-to-market, business segments, and other critical functions within the company. Fortunately, HPE has stated that these breaches have not had a material impact on the company so far.
The hacking group behind these attacks is the same one that executed the infamous SolarWinds hack in 2020. Both the U.S. Cybersecurity and Infrastructure Security Agency and Microsoft have previously identified this group as being connected to the Russian foreign intelligence service SVR.
HPE's situation underscores a critical reality in today’s digital landscape – no organization, no matter how sophisticated, is immune to cybersecurity threats. With recent U.S. Securities and Exchange Commission rules mandating companies to disclose material cybersecurity incidents, the need for robust digital defenses has never been more evident.
As the investigation continues, HPE is closely working with law enforcement and will provide necessary regulatory notifications. This incident serves as a reminder of the escalating cyber threats in the global digital arena, especially from state-sponsored actors.