In a recent regulatory filing, Hewlett Packard Enterprise (HPE) admitted that its cloud-based email system fell victim to a cyber attack orchestrated by the Russian state-sponsored hacking group known as Midnight Blizzard or Cozy Bear. The breach occurred in May 2023, and HPE was informed about it in December of the same year. This article delves into the details of the attack, the company’s response, and the potential consequences.
The Cyber Attack
The Russian state-sponsored hacking group managed to gain unauthorized access to a small percentage of HPE mailboxes belonging to individuals in various departments, including cybersecurity, go-to-market, business segments, and other functions. Additionally, the hackers compromised a limited number of SharePoint files as early as May 2023. HPE believes that this incident may be connected to another security breach that occurred in June 2023.
After being notified of the breach in June, HPE initiated an immediate investigation with the assistance of external cybersecurity experts. The company quickly implemented containment and remediation measures to eradicate the unauthorized activity. HPE maintains that the cyber attack did not significantly impact its operations or financial health, although the investigation is still ongoing.
Recognizing the severity of the situation, HPE has engaged with law enforcement agencies to aid in the investigation. It has also pledged to provide regulatory notifications if required. By cooperating with authorities, HPE aims to gather insights and intelligence about the Midnight Blizzard hacking group to prevent future attacks and protect its infrastructure.
This incident follows an earlier disclosure by Microsoft that its high-ranking executives’ email accounts were compromised by the same Russian-linked hacking group. In 2020, Midnight Blizzard gained notoriety for orchestrating a significant cyber attack on government supplier SolarWinds. These incidents underscore the persistent threat posed by state-sponsored hacking groups, highlighting the importance of robust cybersecurity measures for organizations across industries.
The disclosure of this breach aligns with recently enacted U.S. Securities and Exchange Commission (SEC) rules that require companies to communicate significant cybersecurity incidents. Both Microsoft and HPE have complied with these regulations by promptly reporting their respective breaches. Such disclosure promotes transparency and strengthens public trust by keeping stakeholders informed about potential risks and vulnerabilities.
The hacking of Hewlett Packard Enterprise’s cloud-based email system by the Russian state-sponsored Midnight Blizzard group highlights the ongoing challenges faced by organizations in defending against sophisticated cyber attacks. HPE’s swift response, collaboration with law enforcement, and compliance with regulatory requirements demonstrate a commitment to addressing the breach. It remains crucial for companies to prioritize cybersecurity measures and remain vigilant against evolving threats to safeguard critical systems and sensitive data. As the investigation into this incident continues, it is hoped that valuable insights can be gleaned to enhance future defense strategies against state-sponsored hacking groups.