Russian State-Sponsored Group Hacks HP Enterprise and Microsoft

In a recent filing with the Securities and Exchange Commission, Hewlett Packard Enterprise (HPE) disclosed that it was infiltrated by a cybercriminal group with ties to Russian intelligence in the previous year. The hackers, known as Midnight Blizzard or Cozy Bear, are the same entity that broke into the email accounts of multiple Microsoft higher-ups and staff. Additionally, they were behind the high-profile SolarWinds cyberattacks, compromising several branches of government including the US Treasury Department and Homeland Security. The National Security Agency also alleged in 2020 that this group attempted to pilfer research related to COVID-19 vaccines from several countries.

In the document submitted to the SEC, HPE announced that it was notified on December 12, 2023, that a cybercriminal had broken into its cloud-based email system. It employed external cybersecurity professionals, who discovered that the hacker managed to breach and extract data from a small cluster of employee email accounts across various departments, such as the cybersecurity division. HPE refrained from specifying the type of data breached, though it speculates the event is linked to an earlier cyberattack in May 2023. During this previous incident, the attacker pilfered ‘a limited number of SharePoint files’; SharePoint is a document management platform from Microsoft.

Adam R. Bauer, a spokesperson for HPE, informed the Associated Press that it is uncertain whether HPE’s data breach was linked to Microsoft’s. Bauer added that ongoing investigations are striving to ascertain the ‘total scope of mailboxes and emails’ compromised. While initial findings suggest there was no significant impact on HPE’s operations, the investigation continues and currently involves several law enforcement agencies.