HP Enterprise was hacked by the same Russian state-sponsored group that targeted Microsoft

HP Enterprise was infiltrated by a hacking group linked to Russian intelligence last year, the business IT company has revealed in a Securities and Exchange Commission filing. The threat actor is believed to be Midnight Blizzard, also known as Cozy Bear, which was the same group that recently breached the email accounts of several senior executives and other employees at Microsoft. It was also the same hacking group behind the SolarWinds attacks that affected multiple government entities, including the US Treasury Department and Homeland Security. In addition, the National Security Agency accused it in 2020 of trying to steal research on COVID-19 vaccines from the US, UK and Canada.

In its filing, HPE said it was notified on December 12, 2023 that an attacker had gained access to its cloud-based email environment. It worked with external cybersecurity experts that found that the threat actor was able to access and steal data from “a small percentage” of email accounts owned by employees from various divisions, including those in cybersecurity. HPE didn’t say what kind of data was stolen, but it believes the incident is related to an earlier security breach that took place in May 2023, wherein the bad actor was able to get away with “a limited number of SharePoint files.” SharePoint is a document management and collaborative platform for Microsoft 365.

HPE spokesperson Adam R. Bauer told AP that the company can’t say whether this incident is related to Microsoft’s data breach. Bauer also said that the “total scope of mailboxes and emails accessed remains under investigation.” So far, HPE’s investigation has shown that the attack hasn’t had material impact on its operations, but it’s still looking into the incident and working with law enforcement.

HP Enterprise was infiltrated by a hacking group linked to Russian intelligence last year, the business IT company has revealed in a Securities and Exchange Commission filing. The threat actor is believed to be Midnight Blizzard, also known as Cozy Bear, which was the same group that recently breached the email accounts of several senior executives and other employees at Microsoft. It was also the same hacking group behind the SolarWinds attacks that affected multiple government entities, including the US Treasury Department and Homeland Security. In addition, the National Security Agency accused it in 2020 of trying to steal research on COVID-19 vaccines from the US, UK and Canada.

In its filing, HPE said it was notified on December 12, 2023 that an attacker had gained access to its cloud-based email environment. It worked with external cybersecurity experts that found that the threat actor was able to access and steal data from “a small percentage” of email accounts owned by employees from various divisions, including those in cybersecurity. HPE didn’t say what kind of data was stolen, but it believes the incident is related to an earlier security breach that took place in May 2023, wherein the bad actor was able to get away with “a limited number of SharePoint files.” SharePoint is a document management and collaborative platform for Microsoft 365.

HPE spokesperson Adam R. Bauer told AP that the company can’t say whether this incident is related to Microsoft’s data breach. Bauer also said that the “total scope of mailboxes and emails accessed remains under investigation.” So far, HPE’s investigation has shown that the attack hasn’t had material impact on its operations, but it’s still looking into the incident and working with law enforcement.