Hewlett Packard Enterprise (HPE) disclosed that attacker group Cozy Bear, a known Russian state-sponsored hacking collective, breached the company's cloud-based email environment and stole data.
HPE disclosed the breach in a Securities and Exchange Commission (SEC) filing, saying that the company was notified about the breach on December 12th. However, the exfiltration likely started over half a year prior.
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company's filing reads.
The attack has been attributed to the Russian state-sponsored attacker group APT29, also known as Cozy Bear, Midnight Blizzard, BlueBravo, and Cloaked Ursa. Earlier this week, Microsoft said the same group attempted to breach its corporate systems.
Cozy Bear, among the most notorious Russia-linked advanced persistent threats (APT), made global headlines after the infamous SolarWinds attacks, which focused on stealth intelligence-gathering on Western governments and companies.
Meanwhile, HPE believes that the incident is likely related to Cozy Bear's activity, about which the company was notified in June. At the time, it was thought that attackers gained unauthorized access and exfiltrated “a limited number of SharePoint files.”
“Following the notice in June, we immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity. Upon undertaking such actions, we determined that such activity did not materially impact the company,” HPE said.
The US tech giant said that its investigation of the attack indicates that the company will not experience any material or operational impact due to the breach.
HPE is an American multinational tech behemoth based in Texas. In 2022, the company reported revenues exceeding $28 billion and a staff of over 60,000.