Hewlett Packard Enterprise (HPE) revealed on Wednesday that it had fallen victim to a cyber intrusion, discovering unauthorized access by suspected state-backed Russian hackers on January 12. The hackers were identified as Cozy Bear, a unit of Russia’s SVR foreign intelligence service.
The breach impacted a small percentage of HPE mailboxes, targeting individuals in cybersecurity, go-to-market, business segments, and other functions. The threat actor accessed and exfiltrated data beginning in May 2023, including a limited number of SharePoint files, part of Microsoft’s 365 suite.
HPE is actively investigating the incident and collaborating with law enforcement. The company emphasized that, despite the breach, it has not materially impacted its operations or financial health. Containment and remediation measures were implemented upon the discovery of the activity in June 2023.
Cozy Bear, also known as Midnight Blizzard or APT29, has a history of state-sponsored cyberattacks, including the SolarWinds breach and the recent intrusion into Microsoft’s corporate network.
The disclosure aligns with the newly enacted U.S. Securities and Exchange Commission (SEC) rules mandating companies to disclose material cybersecurity incidents. Both HPE and Microsoft have recently revealed breaches by Cozy Bear, highlighting the evolving landscape of state-sponsored cyber threats targeting major corporations.
HPE’s breach underscores the ongoing challenges organizations face in safeguarding digital assets against sophisticated cyber threats. As cybersecurity threats evolve, companies must remain vigilant, invest in robust security measures, and collaborate with law enforcement to mitigate the impact of such incidents. The disclosure emphasizes the need for a collective effort to address the growing sophistication of cyber adversaries in the modern era.