January 25, 2024 at 01:06AM
Hewlett Packard Enterprise’s cloud email environment was compromised by hackers connected to the Kremlin, in an intrusion attributed to the Russian state-sponsored group APT29. The breach lasted over six months and is linked to a previous security event involving unauthorized access to SharePoint files. According to HPE, the incident did not impact the company’s operations.
Key takeaways on the cyber attack and data breach:
– Hewlett Packard Enterprise (HPE) has experienced a breach in its cloud email environment, with data being exfiltrated from a small percentage of HPE mailboxes by threat actors suspected to be linked to the Russian state-sponsored group APT29, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.
– This intrusion is connected to a previous security event involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023.
– Despite the breach, HPE has emphasized that the incident has not had any material impact on its operations to date, although the exact scale of the attack and the specific email information accessed have not been disclosed.
– APT29, assessed to be part of Russia’s Foreign Intelligence Service (SVR), has been responsible for several high-profile hacks in recent years, including the 2016 attack on the Democratic National Committee and the 2020 SolarWinds supply chain compromise.