Hewlett Packard Enterprise (HPE) has reported a cybersecurity breach orchestrated by the Russian government-backed hacker group Midnight Blizzard.
The disclosure was made in a corporate filing submitted to the U.S. Securities and Exchange Commission (SEC) on Thursday, marking another alarming incident after Microsoft recently reported a similar attack by the same group.
The cyber intrusion, believed to be the work of the state-sponsored actor also known as Cozy Bear, came to HPE’s attention on December 12, 2023. In the SEC filing, HPE disclosed that Midnight Blizzard gained unauthorized access to the company’s cloud-based email environment. Immediate response measures were activated by HPE, including an investigation, containment, and remediation, with assistance from external cybersecurity experts.
According to the ongoing investigation, the threat actor had access to and exfiltrated data from a small percentage of HPE mailboxes belonging to individuals in cybersecurity, go-to-market, business segments, and other functions. The breach is believed to have commenced in May 2023. HPE stated that the incident is likely related to an earlier episode in June 2023, in which unauthorized access to and exfiltration of a limited number of SharePoint files occurred.
HPE clarified that the containment and remediation measures taken in June 2023 successfully eradicated the earlier activity, with no material impact on the company. As of the current filing, the incident has not materially affected HPE’s operations, and the company does not consider it reasonably likely to have a material impact on its financial condition or results of operations.
HPE has notified and is cooperating with law enforcement agencies, and is evaluating its regulatory notification obligations. The cybersecurity breach, while a serious incident, has not led to a material disruption of the company’s operations.
The similarity between HPE’s report and Microsoft’s disclosure, in a separate SEC filing, of an attack by Midnight Blizzard points to the heightened risks posed by well-resourced nation-state threat actors targeting large organizations.
Midnight Blizzard, also known as APT29, has been associated with the Russian Foreign Intelligence Service (SVR). The group gained notoriety for advanced cyber-warfare techniques and has been linked to multiple high-profile cyberattacks, targeting institutions such as the Pentagon, the Democratic National Committee, and governmental bodies in various countries.
The cybersecurity community is closely monitoring the situation, emphasizing the need for organizations to remain vigilant and fortified against persistent and sophisticated threat actors.