Suspected hackers linked to the Kremlin are believed to have breached the cloud email infrastructure of technology giant Hewlett Packard Enterprise (HPE) to extract mailbox data.
According to a regulatory filing with the U.S. Securities and Exchange Commission (SEC), HPE stated, “The threat actor accessed and extracted data starting from May 2023 from a small subset of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”
The intrusion has been attributed to APT29, a Russian state-sponsored group also known by aliases such as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.
This disclosure follows Microsoft’s recent revelation implicating the same threat actor in breaching its corporate systems in late November 2023, targeting senior executives and personnel in the cybersecurity and legal departments to pilfer emails and attachments.
HPE was made aware of the incident on December 12, 2023, indicating that the hackers operated within its network without detection for over six months.
The company also noted a likely connection to a prior security event, also attributed to APT29, involving unauthorized access and extraction of a limited number of SharePoint files as early as May 2023, with HPE being alerted to the malicious activity in June 2023.
While emphasizing that the incident has not materially impacted its operations to date, HPE did not disclose the full extent of the attack or the specific email data compromised.
APT29, believed to be affiliated with Russia’s Foreign Intelligence Service (SVR), has been responsible for several notable cyber intrusions in recent years, including the 2016 breach of the U.S. Democratic National Committee (DNC) and the 2020 SolarWinds supply chain compromise.