January 25, 2024; updated 26 Jan 2024 10:46am

HPE latest victim of state-sponsored Russian hacking spree

The HPE hack has been attributed to APT29, the same Russian hacking group thought to have breached Microsoft earlier this month.

By Greg Noone

Hewlett Packard Enterprise (HPE) has confirmed that Russian state-sponsored hackers breached its Microsoft 365 email environment in May 2023. According to a Form 8-K filing, hackers from APT29, otherwise known by the nom-de-guerre Midnight Blizzard, stole data from its cybersecurity arm and other departments. 

“Based on our investigation,” read the filing, “we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

The HPE hack is the latest in a long line of breaches masterminded by APT29, a Russian state-sponsored cybercriminal gang. (Photo by Sundry Photography/Shutterstock)

HPE hack the latest from Russia-based group

HPE first learned about the breach in its systems on 12 December 2023. In a statement shared with BleepingComputer, the enterprise software provider explained that it immediately launched an investigation into the incident and took remedial steps to flush out the intruders. In its judgement, the attackers belonged to APT29, a cybercrime gang also linked to a recent cyberattack on Microsoft. In that incident, reported earlier this month, Redmond said that several email accounts belonging to members of its senior leadership team were compromised. 

Otherwise known as Midnight Blizzard, Cozy Bear or Nobelium, APT29 is a state-sponsored hacking group associated with Russia’s Foreign Intelligence Service (SVR). First noticed by researchers at Kaspersky in 2008, the organisation has been associated with several high-profile cyberattacks over the past decade. These have included the infamous SolarWinds attack, wherein a breach at the eponymous IT services firm metastasized into an incident impacting over 18,000 companies, and the infiltration of the Democratic National Committee (DNC) ahead of the 2016 US presidential election. 


8-K filings forcing greater cybersecurity transparency

In the interests of transparency, the US Securities & Exchange Commission (SEC) has since mandated that US companies publish details about material cybersecurity incidents (with even cybercriminals themselves embracing this new rule). In its filing, HPE stated that it was cooperating with law enforcement in its investigation of APT29’s intrusion into its systems, adding that “the incident has not had a material impact on the Company’s operations” and is not likely to in the near future.

Even so, the breach is likely to provoke much head-scratching within HPE as to how the firm should tighten its cybersecurity. Such measures would follow the example of Microsoft, which announced that it would update its internal security practices after it was breached by APT29. “We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes,” the company said in a statement. “This will likely cause some level of disruption while we adapt to this new reality, but this is a necessary step, and only the first of several we will be taking to embrace this new philosophy.”
