Russian hackers linked to the Kremlin are suspected of breaching the information technology giant Hewlett Packard Enterprise (HPE), targeting its cloud email environment to pilfer mailbox data.
HPE Cybersecurity Breach: Suspected Infiltration by Russian Hackers
In a regulatory filing with the U.S. Securities and Exchange Commission (SEC), HPE revealed that a threat actor, believed to have ties to the Russian government, gained unauthorized access to and extracted data from a portion of HPE mailboxes, including those belonging to cybersecurity personnel, go-to-market teams, and various business segments.
Attribution to APT29: The Notorious Russian State-Sponsored Group
The intrusion has been linked to APT29, a notorious Russian state-sponsored hacking group also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.
Microsoft Also Targeted: A Coordinated Cyberattack
Coincidentally, Microsoft reported a similar breach attributed to the same threat actor: its corporate systems were compromised in late November 2023, resulting in the theft of emails and attachments from senior executives and from personnel in its cybersecurity and legal departments.
Lengthy Persistence: Undetected Breach for Over Six Months
HPE disclosed that the breach was discovered on December 12, 2023, which, given the related activity dating back to May 2023, indicates that the threat actors had access to its network for more than six months without detection.
Continued Threat: APT29’s Persistent Actions
This breach seems to be part of a larger campaign by APT29, with a prior security event involving unauthorized access to and extraction of SharePoint files as early as May 2023. Despite being alerted to the activity in June 2023, the threat actors managed to maintain access.
Minimal Impact: Reassurance Amidst Breach
Although the scale of the attack and the specific email data accessed were not disclosed, HPE reassured stakeholders that the breach has not materially affected its operations to date.
APT29’s Track Record: Noteworthy Cyber Incursions
APT29, allegedly affiliated with Russia’s Foreign Intelligence Service (SVR), has been implicated in several high-profile cyberattacks, including the 2016 breach of the U.S. Democratic National Committee (DNC) and the 2020 SolarWinds supply chain compromise.