HPE Hacked - Investigating Cyber Attack Linked to Russian Nation-State Group

Hewlett Packard Enterprise (HPE), a multinational information technology company, has revealed a significant cybersecurity breach impacting its cloud email system. 

In a Form 8-K filing with the Securities and Exchange Commission on January 19th, 2024, HPE disclosed that a "suspected nation-state actor" infiltrated its systems and accessed employee emails.

The breach was first detected on December 12th, 2023 when HPE was alerted that the threat actor, Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, believed to be the Russian hacker group, had gained unauthorized entry to its cloud email environment. HPE immediately launched an investigation with assistance from external cybersecurity experts to contain the incident.

Analysis shows that hackers were able to access and steal data from a small number of HPE employee mailboxes beginning in May 2023.

Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions. -reads the SEC filing.

The affected mailboxes belonged to staff in cybersecurity, sales, business segments and other corporate functions. While the investigation remains ongoing, HPE now believes this breach was connected to earlier suspicious activity detected in June 2023. At that time, HPE was notified of unauthorized access and data theft from a limited number of SharePoint documents.

HPE states they took swift action in June to investigate, contain and eliminate the intruder activity. After undertaking remediation measures, HPE concluded that the June event did not substantially impact business operations. However, the wider email system breach detected in December represents a more severe and advanced attack phase.

In its SEC filing, HPE disclosed it is cooperating with law enforcement and assessing regulatory notification requirements. The company stated the incident has so far not materially affected business operations. However, HPE indicated it has not yet determined whether the breach might reasonably impact financial performance going forward.

Cybersecurity experts note that hackers often gain entry to systems months before being detected. The lengthy timeline in this case raises concerns over how much data the intruders accessed and whether they were able to establish persistent internal access.

HPE has not revealed specifics about which customers may have been impacted or what information was compromised. 

While HPE works to uncover more details on the breach, its customers and the wider technology industry will be watching closely for lessons that can improve community cyber resilience. Major cyberattacks like this illustrate the ever-evolving nature of threats.

Just days after HPE's filing, on January 20th, 2024 Microsoft revealed it too suffered a breach by the Midnight Blizzard group, allowing hackers to steal data from executive and employee emails. 

The Microsoft attack involved the misconfiguration of a test account that was brute-forced to gain entry. With two major tech firms compromised by the same Russian-linked hackers in the same week, the industry is on high alert about the dangerous capabilities of these nation-state actors. 

By investigating and sharing insights on incidents, technology leaders hope to stay one step ahead of sophisticated hackers in the digital arms race for information security.