HP Enterprise Targeted by Russian Hackers Connected to DNC Breach

Russian Hackers Breach Hewlett Packard Enterprise’s Email System

Hewlett Packard Enterprise (HPE) has reported a significant security breach, with indications that hackers linked to the Kremlin gained unauthorized access to its cloud email environment. The intruders are believed to have extracted mailbox data, targeting a subset of accounts within the company’s cybersecurity and business segments. This intrusion has been traced back to a state-sponsored group known as APT29, also referred to by various names, including Cozy Bear and Cloaked Ursa.

According to a regulatory filing with the U.S. Securities and Exchange Commission, the breach began in May 2023. HPE acknowledged in its statement that the compromise affected only a small portion of its email users, specifically those involved in critical operational roles within the company. The details surrounding the exact nature and volume of the compromised data have not been disclosed.

The timing of this revelation is notable, as it follows recent disclosures from Microsoft, which connected APT29 to a breach of its own corporate systems in late November 2023. In that incident, sensitive emails and attachments were stolen from high-ranking executives and employees within Microsoft’s cybersecurity and legal divisions. This pattern highlights a concerning trend of coordinated cyber-attacks targeting corporate infrastructure by this sophisticated threat actor.

HPE learned of the breach on December 12, 2023, suggesting that the attackers could have exploited vulnerabilities within its network for over six months without detection. The company indicated that this incident may be related to a previous security event also linked to APT29, where there was unauthorized access to SharePoint files, with malicious activity first noted in June 2023.

Despite the breach’s severity, HPE has stated that it has not materially impacted its operations thus far. However, the lack of details regarding the scope of the attack raises concerns among cybersecurity professionals, particularly considering that APT29 is assessed to be part of Russia’s Foreign Intelligence Service (SVR) and has a history of high-profile hacks.

Analysis of the attack using the MITRE ATT&CK framework suggests several tactics may have been employed, including initial access, persistence, and data exfiltration. Initial access might have been facilitated through phishing or exploiting software vulnerabilities. Once inside HPE’s system, the hackers could have implemented persistence tactics to maintain access and stealthily exfiltrate data over an extended period.
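The pattern described above, a non-owner principal quietly reading several mailboxes and adding mailbox rules over a period of months, is what defenders look for in cloud email audit logs. The following is an added detection sketch, not code from HPE, Microsoft or any vendor: the audit records are constructed, the simplified field names (`ts`, `actor`, `mailbox`, `op`, `ip`) are assumptions rather than a real provider schema, and the thresholds are illustrative.

```python
"""Detection sketch for low-and-slow mailbox access in cloud email audit logs.
Added example; the log format is a constructed, simplified one (assumption),
not the schema of any real email provider."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records. Field names are assumptions; the operation
# names mirror common Exchange-style audit operations but the data is invented.
SAMPLE_LOG = [
    # Normal owner activity: actor and mailbox match.
    {"ts": "2023-05-02T09:10:00", "actor": "alice@corp.example", "mailbox": "alice@corp.example", "op": "MailItemsAccessed", "ip": "10.1.1.5"},
    {"ts": "2023-05-03T09:12:00", "actor": "bob@corp.example", "mailbox": "bob@corp.example", "op": "MailItemsAccessed", "ip": "10.1.1.6"},
    # One principal reading several other people's mailboxes, sporadically, over months.
    {"ts": "2023-05-10T02:00:00", "actor": "svc-backup@corp.example", "mailbox": "alice@corp.example", "op": "MailItemsAccessed", "ip": "203.0.113.7"},
    {"ts": "2023-05-10T02:05:00", "actor": "svc-backup@corp.example", "mailbox": "bob@corp.example", "op": "MailItemsAccessed", "ip": "203.0.113.7"},
    {"ts": "2023-06-14T02:01:00", "actor": "svc-backup@corp.example", "mailbox": "carol@corp.example", "op": "MailItemsAccessed", "ip": "203.0.113.7"},
    {"ts": "2023-07-20T02:03:00", "actor": "svc-backup@corp.example", "mailbox": "dave@corp.example", "op": "MailItemsAccessed", "ip": "203.0.113.7"},
    {"ts": "2023-11-30T02:02:00", "actor": "svc-backup@corp.example", "mailbox": "alice@corp.example", "op": "MailItemsAccessed", "ip": "203.0.113.7"},
    # A mailbox rule created by someone other than the owner: a persistence indicator.
    {"ts": "2023-06-01T03:00:00", "actor": "svc-backup@corp.example", "mailbox": "alice@corp.example", "op": "New-InboxRule", "ip": "203.0.113.7"},
]

# Operations that change who can read a mailbox or where its mail goes.
PERSISTENCE_OPS = {"New-InboxRule", "Set-InboxRule", "Add-MailboxPermission"}


def parse_ts(s):
    return datetime.fromisoformat(s)


def non_owner_access(records):
    """Group records where the acting principal is not the mailbox owner, by actor."""
    by_actor = defaultdict(list)
    for r in records:
        if r["actor"] != r["mailbox"]:
            by_actor[r["actor"]].append(r)
    return by_actor


def detect(records, min_mailboxes=3, min_span_days=30):
    """Return findings for three weak signals that together suggest mailbox collection:
    one actor touching many mailboxes, access spread over a long dwell time, and
    non-owner mailbox-rule or permission changes. Thresholds are illustrative."""
    findings = []
    for actor, recs in non_owner_access(records).items():
        mailboxes = {r["mailbox"] for r in recs}
        times = sorted(parse_ts(r["ts"]) for r in recs)
        span = times[-1] - times[0]
        if len(mailboxes) >= min_mailboxes:
            findings.append({"actor": actor, "rule": "multi-mailbox-access",
                             "mailboxes": sorted(mailboxes)})
        if span >= timedelta(days=min_span_days):
            findings.append({"actor": actor, "rule": "long-dwell-access",
                             "first": times[0].isoformat(), "last": times[-1].isoformat(),
                             "days": span.days})
        persist = [r for r in recs if r["op"] in PERSISTENCE_OPS]
        if persist:
            findings.append({"actor": actor, "rule": "non-owner-mailbox-rule",
                             "ops": sorted({r["op"] for r in persist})})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f)
```

Each rule on its own is noisy (backup and migration accounts legitimately read many mailboxes), so in practice the actor would be checked against an allow-list of known service principals, and the three signals would be correlated rather than alerted on individually. The long-dwell rule is the one that matters most for a case like this: a principal that keeps coming back to other people's mailboxes for months is exactly what month-long undetected access looks like in the audit trail.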

This incident underscores the growing threat landscape posed by state-sponsored cyber actors and highlights the necessity for robust cybersecurity strategies. Businesses must remain vigilant and proactive in defending against potential intrusions that exploit both technological weaknesses and human factors.

As the investigation into this breach continues, it serves as a reminder to corporate leaders about the ever-evolving challenges in safeguarding sensitive data. Staying informed and prepared against such advanced persistent threats is imperative for sustaining operational integrity in today’s interconnected digital world.
