Hackers with hyperlinks to the Kremlin are suspected to have infiltrated data expertise firm Hewlett Packard Enterprise’s (HPE) cloud electronic mail atmosphere to exfiltrate mailbox information.
“The menace actor accessed and exfiltrated information starting in Might 2023 from a small share of HPE mailboxes belonging to people in our cybersecurity, go-to-market, enterprise segments, and different features,” the corporate stated in a regulatory submitting with the U.S. Securities and Change Fee (SEC).
The intrusion has been attributed to the Russian state-sponsored group often known as APT29, and which can also be tracked below the monikers BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (previously Nobelium), and The Dukes.
The disclosure arrives days after Microsoft implicated the identical menace actor to the breach of its company programs in late November 2023 to steal emails and attachments from senior executives and different people within the firm’s cybersecurity and authorized departments.
HPE stated it was notified of the incident on December 12, 2023, that means that the menace actors continued inside its community undetected for greater than six months.
It additionally famous that assault is probably going related to a previous safety occasion, additionally attributed to APT29, which concerned unauthorized entry to and exfiltration of a restricted variety of SharePoint recordsdata as early as Might 2023. It was alerted of the malicious exercise in June 2023.
HPE, nevertheless, emphasised that the incident has not had any materials impression on its operations thus far. The corporate didn’t disclose the dimensions of the assault and the precise electronic mail data that was accessed.
APT29, assessed to be a part of Russia’s Overseas Intelligence Service (SVR), has been behind some high-profile hacks in recent times, together with the 2016 assault on the U.S. Democratic Nationwide Committee (DNC) and the 2020 SolarWinds provide chain compromise.
