Hewlett Packard Enterprise (HPE) has confirmed that Russian state-sponsored hackers breached its Microsoft 365 email environment in May 2023. According to a Form 8-K filing, hackers from APT29, otherwise known by the nom-de-guerre Midnight Blizzard, stole data from its cybersecurity arm and other departments.
“Based on our investigation,” read the filing, “we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”
HPE hack the latest from Russia-based group
HPE first learned about the breach in its systems on 12 December 2023. In a statement shared with BleepingComputer, the enterprise software provider explained that it immediately launched an investigation into the incident and took remedial steps to flush out the intruders. In its judgement, the attackers belonged to APT29, a cybercrime gang also linked to a recent cyberattack on Microsoft. In that incident, reported earlier this month, Redmond said that several email accounts belonging to members of its senior leadership team were compromised.
Otherwise known as Midnight Blizzard, Cozy Bear or Nobelium, APT29 is a state-sponsored hacking group associated with Russia’s Foreign Intelligence Service (SVR). First noticed by researchers at Kaspersky in 2008, the organisation has been associated with several high-profile cyberattacks over the past decade. These have included the infamous SolarWinds attack, wherein a breach at the eponymous IT services firm metastasized into an incident impacting over 18,000 companies, and the infiltration of the Democratic National Committee (DNC) ahead of the 2016 US presidential election.
8-K filings forcing greater cybersecurity transparency
In the interests of transparency, the US Securities & Exchange Commission (SEC) has since mandated that US companies publish details about material cybersecurity incidents (with even cybercriminals themselves embracing this new rule). In its filing, HPE stated that it was cooperating with law enforcement in its investigation of APT29’s intrusion into its systems, adding that “the incident has not had a material impact on the Company’s operations” and is not likely to in the near future.
Even so, the breach is likely to provoke much head-scratching within HPE as to how the firm should tighten its cybersecurity. Such measures would follow the example of Microsoft, which announced that it would update its internal security practices after it was breached by APT29. “We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes,” the company said in a statement. “This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this new philosophy.”