Hewlett Packard Enterprise (HPE) recently revealed a cybersecurity breach, disclosing that its cloud-based email system fell prey to the Russian state-sponsored hacking group, Cozy Bear. This disclosure aligns with Microsoft’s similar revelation in January, and both highlight the increasing threat of nation-state cyber actors. The breach impacted key HPE departments, with data exfiltration starting in May 2023. The company asserts minimal material impact and is collaborating with law enforcement. This incident underscores the persistent challenges companies face in fortifying cybersecurity defenses against sophisticated state-sponsored threats.
In a recent disclosure, HPE acknowledged falling victim to a cyber attack orchestrated by the Russian state-sponsored hacking group, Cozy Bear. The revelation comes in tandem with Microsoft’s acknowledgment of a similar breach, underscoring the pervasive threat of nation-state cyber actors. This article delves into the details of the HPE breach, outlining the affected departments and the company’s response. The incident sheds light on the broader cybersecurity landscape, emphasizing the need for proactive measures and collaboration to address evolving state-sponsored cyber threats.
According to the disclosure made by the enterprise tech giant, HPE was notified of the security breach in December 2023; the threat actors gained unauthorized access and exfiltrated data starting in May 2023. The compromised data primarily belonged to a small percentage of HPE mailboxes, impacting individuals in key departments such as cybersecurity, go-to-market, business segments, and other functions.
Further details provided by HPE indicate that the cyber attack may be linked to a prior incident that occurred in June 2023. During this earlier event, the hackers successfully compromised a limited number of SharePoint files, with the unauthorized access traced back to as early as May 2023.
HPE promptly initiated an investigation following the June incident, enlisting the assistance of external cybersecurity experts. The company implemented containment and remediation measures aimed at eradicating the malicious activity. Upon completing these actions, HPE concluded that the cyber attack did not materially impact the company.
Despite the breach, HPE reassures stakeholders that the incident has not had a material impact on the company thus far. Additionally, HPE states that it has not determined the incident to be reasonably likely to materially impact its financial health or operations. The company is actively collaborating with law enforcement agencies as part of the ongoing investigation and commits to providing regulatory notifications if deemed necessary.
This security breach revelation comes on the heels of a similar disclosure by Microsoft earlier in January. Microsoft reported that the same Russian state-sponsored hacking group, also known as Nobelium or APT29, compromised email accounts belonging to high-ranking executives. Notably, this hacking group gained notoriety in 2020 for orchestrating the SolarWinds breach, targeting a government supplier and causing significant cybersecurity concerns.
The U.S. Cybersecurity and Infrastructure Security Agency, along with Microsoft, has previously linked the state-sponsored hacking group to the Russian foreign intelligence service SVR. The coordinated disclosures by both Microsoft and HPE underscore the increasing importance of transparency in cybersecurity incidents.
It is worth noting that the timing of these disclosures aligns with the recent implementation of new U.S. Securities and Exchange Commission rules. These rules require companies to disclose material cybersecurity incidents promptly. As a result, organizations are compelled to share information about cyber threats, fostering a more informed and vigilant cybersecurity landscape.
In the aftermath of the disclosure, HPE shares experienced a minimal impact, remaining flat in after-hours trading at $15.76. While the financial implications have been limited so far, the incident highlights the persistent and sophisticated nature of cyber threats posed by state-sponsored actors. Companies across various industries face an ongoing challenge to fortify their cybersecurity defenses and respond swiftly to mitigate potential risks.
The cybersecurity breach at HPE serves as a stark reminder of the persistent and sophisticated nature of state-sponsored cyber threats. Despite minimal immediate financial impact, the incident underscores the importance of transparency, collaboration, and rapid response in the face of evolving cyber risks. As HPE and other organizations navigate the aftermath of such breaches, the imperative to fortify cybersecurity defenses and engage in collective efforts with law enforcement becomes increasingly evident. The incident underscores the ongoing challenges in safeguarding digital assets and the need for a vigilant and proactive approach to mitigate the evolving threat landscape.