Hewlett Packard Enterprise (HPE) reported on Wednesday that its cloud-based email system fell victim to a cyberattack orchestrated by the Russian state-sponsored hacking group known as Midnight Blizzard or Cozy Bear. The breach involved unauthorized access and data exfiltration from a small percentage of HPE mailboxes, impacting individuals in cybersecurity, go-to-market, business segments, and other functions. HPE, a leading enterprise tech company, disclosed the incident in a regulatory filing, stating that the threat actor initiated the attack in May 2023. The company is currently conducting an ongoing investigation, linking this breach to a separate incident in June 2023 when the hackers compromised a limited number of SharePoint files.
Upon discovering the security breach in June, HPE collaborated with external cybersecurity experts to implement containment and remediation measures. The company asserted that the activity did not materially impact its operations. HPE is actively working with law enforcement agencies and will notify regulators as necessary during the ongoing investigation. Despite the breach, HPE maintains that it has not experienced a material impact, and there is no indication that the incident is reasonably likely to have a significant effect on its financial health or operations.
This disclosure comes in the wake of Microsoft's announcement earlier in January, revealing that the same hacking group, also known as Nobelium or APT29, had compromised email accounts belonging to some of its high-ranking executives. Notably, this Russian intelligence-linked hacking group gained infamy in 2020 for its role in the SolarWinds supply chain attack. The revelation of these cyber incidents aligns with new Securities and Exchange Commission regulations requiring companies to disclose material cybersecurity events promptly. As of the after-hours trading on Wednesday, HPE's shares remained flat at $15.76.