Russian APT Group Breaches HPE’s Emails

Executive Summary

Hewlett Packard Enterprise (HPE) experienced a significant cybersecurity breach attributed to the Russian state-sponsored hacking group APT29 (Midnight Blizzard, Cozy Bear).

The attackers accessed and exfiltrated data from HPE mailboxes, affecting key divisions.

HPE reported in its SEC filing that the incident did not materially impact its operations.

This breach underscores the persistent threat from state-sponsored hacking groups and emphasises the crucial need for robust cybersecurity measures across all organisations.

What Happened

On January 19, 2024, Hewlett Packard Enterprise (HPE) disclosed a significant cybersecurity breach in a filing with the U.S. Securities and Exchange Commission (SEC). HPE’s SEC filing revealed key information about the breach.

The breach involved the infiltration of HPE’s Microsoft Office 365 cloud-based email environment.

HPE attributes the incident to the Russian state-sponsored hacking group known as APT29 (also referred to as Midnight Blizzard, Cozy Bear, and several other aliases).

The incident commenced in May 2023. The hackers then persisted undetected within HPE’s network for over six months. As a result, the attackers accessed and exfiltrated data from certain HPE mailboxes, including mailboxes belonging to individuals in key divisions such as cybersecurity and business segments.

Moreover, this breach appears to be connected to a previous security incident that HPE was alerted to in June 2023. The previous incident involved unauthorised access to and exfiltration of a limited number of SharePoint files. This connection suggests a broader and sustained campaign by APT29 against HPE’s digital infrastructure.

Impact of the Incident

The breach exposed sensitive data and potentially compromised the privacy and security of individuals whose email accounts were targeted.

The investigation is still ongoing to determine the full extent of the accessed mailboxes and emails.

However, as per HPE’s SEC filing, the incident didn’t materially impact the company’s operations.

It’s worth noting that the breach could also pose risks to other organisations and individuals within HPE’s ecosystem.

HPE’s Response

According to the SEC filing, HPE initiated an immediate investigation to determine the scope of the intrusion and the extent of data exfiltration. In addition to its internal efforts, HPE engaged external cybersecurity experts to provide specialised expertise in assessing, containing, and remediating the breach.

HPE put containment measures in place to prevent further unauthorised access and data exfiltration, and implemented additional security enhancements.

Last but not least, HPE is committed to transparency and cooperation with relevant authorities and stakeholders.

About APT29

APT29 (also referred to as Midnight Blizzard, Cozy Bear, and several other aliases) is a Russian state-sponsored hacking group with ties to the Russian Foreign Intelligence Service (SVR). This group has gained notoriety for its involvement in high-profile cyberattacks against government entities, corporations, and critical infrastructure.

In addition to the HPE breach, the group recently compromised Microsoft corporate email accounts, including those of the company’s top executives.

APT29’s track record also includes the 2020 SolarWinds supply chain compromise.

Their operations focus on stealthy intelligence gathering, primarily targeting Western governments, IT service providers, and think tanks in the United States and Europe.

Closing Comments

In conclusion, the HPE email breach underscores the persistent and evolving threat posed by state-sponsored hacking groups. It emphasises the critical importance of robust cybersecurity measures and proactive vigilance in safeguarding sensitive corporate and customer data. Companies like HPE and Microsoft are only the most recent victims. Every organisation should recognise that it is susceptible to such threats, and must therefore consistently maintain a high level of cybersecurity measures.

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.