BOSTON (AP) – Hewlett Packard Enterprise disclosed Wednesday that suspected state-backed Russian hackers broke into its cloud-based email system and stole data from cybersecurity and other employees.
According to a filing with the Securities and Exchange Commission, the information technology products and services provider, Hewlett Packard Enterprise (HPE), revealed that it was alerted to the intrusion on January 12. The company believes that the hackers responsible are the infamous Cozy Bear, a unit of Russia’s SVR foreign intelligence service.
This recent revelation follows Microsoft’s announcement last week of the breach of their corporate network on the same date. Microsoft blamed Cozy Bear for that intrusion as well, which began in late November. The Russian hackers accessed accounts of senior Microsoft executives, along with those of cybersecurity and legal employees.
Cozy Bear was also responsible for the SolarWinds breach, focusing on stealth intelligence-gathering activities primarily targeting Western governments, IT service providers, and think tanks in the U.S. and Europe.
HPE stated in the filing, Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.
HPE’s spokesperson, Adam R. Bauer, declined to disclose who had notified the company of the breach, saying, We’re not sharing that information at this time. Bauer did mention that the compromised email boxes were running Microsoft software.
HPE clarified that the breach was likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files. SharePoint is a part of Microsoft’s 365 suite, previously known as Office, which includes email, word-processing, and spreadsheet applications.
As of now, HPE has yet to establish a connection between the hacking incident on its network and the one disclosed by Microsoft. We do not have the details of the incident Microsoft disclosed, Bauer stated.
The company did not disclose the positions or seniority of the HPE employees whose accounts were compromised, emphasizing that the investigation into the scope of the breach is still ongoing. HPE expressed in the filing that, thus far, the hack has not materially impacted its operations or financial health.
Both HPE and Microsoft’s recent disclosures come in the wake of the new U.S. Securities and Exchange Commission rule, effective since last month, which mandates publicly traded companies to report breaches that may negatively affect their business within four days, unless a national-security waiver is obtained.
HPE was launched as a separate entity in 2015 after splitting from Hewlett-Packard Inc., the renowned Silicon Valley computing company, best known today for its printer business.
The revelation of this cyberattack adds to an ongoing pattern of state-sponsored hacking activities, highlighting the growing threats posed by foreign intelligence services to both public and private entities, particularly in the technology sector. As investigations continue, it is critical for organizations to enhance their cybersecurity measures to safeguard sensitive data from such targeted breaches.