Hewlett Packard Enterprise Suffers Data Breach at the Hands of a Russian Intelligence Group

Hewlett Packard Enterprise (HPE), a leading technology company, announced on Wednesday that its cloud-based email system had been compromised by a Russian state-sponsored hacking group known as Midnight Blizzard or Cozy Bear. The breach, which occurred between May 2023 and December 2023, affected a small percentage of HPE mailboxes belonging to individuals in various business segments and functions.

The Russian intelligence group behind the hack is the same one responsible for the SolarWinds hack in 2020 and the Microsoft email breach disclosed last week. According to reports, the U.S. Cybersecurity and Infrastructure Security Agency and Microsoft have previously linked the group with the Russian foreign intelligence service SVR.

In a regulatory filing, HPE revealed that it was notified in December 2023 that the threat actor had gained unauthorized access to its email system and exfiltrated data. The company is still investigating the incident, which it believes is related to another breach that occurred in June 2023. During that event, the hackers managed to compromise a limited number of SharePoint files as early as May 2023.

Following the notification in June, HPE immediately launched an investigation with the assistance of external cybersecurity experts and took containment and remediation measures to eradicate the activity. The company determined that the incident did not materially impact its financial health or operations.

Microsoft, which also fell victim to the same Russian-linked hacking group, disclosed its breach earlier in January. The hack affected some of the email accounts of its high-ranking executives. The U.S. government has previously warned that the group poses a significant threat to U.S. organizations.

The disclosure of the breaches by Microsoft and HPE follows newly enacted U.S. Securities and Exchange Commission rules requiring companies to disclose material cybersecurity incidents. HPE shares were flat in after-hours trading Wednesday at $15.76.

The breach at HPE is a reminder of the increasing threat posed by state-sponsored hacking groups to organizations across various industries. According to a report by Cybersecurity Ventures, the global cost of cybercrime is expected to reach $10.5 trillion annually by 2025. State-sponsored hacking is a significant contributor to this cost.

HPE, which employs over 50,000 people worldwide, provides a range of technology solutions, including servers, storage, and networking equipment. The company’s customers include businesses, governments, and service providers. The breach is a significant setback for the company, which has been working to transform itself into a leading player in the cloud computing market.

The incident also highlights the importance of cybersecurity for organizations, particularly those that handle sensitive data. According to a report by IBM Security, the average cost of a data breach is $3.86 million. The cost includes direct costs, such as notification and legal fees, as well as indirect costs, such as lost business and reputational damage.

To mitigate the risk of cyber attacks, organizations should implement robust cybersecurity measures, including multi-factor authentication, encryption, and regular software updates. They should also educate their employees about the importance of cybersecurity and provide them with the tools and resources they need to stay safe online.

The incident at HPE is a reminder that no organization is immune to cyber attacks. State-sponsored hacking groups, in particular, pose a significant threat to organizations across various industries. It is essential that organizations take a proactive approach to cybersecurity to protect themselves from these threats and minimize the damage caused by any breaches.

In conclusion, the data breach at Hewlett Packard Enterprise is a significant setback for the company, which has been working to transform itself into a leading player in the cloud computing market. The breach, which was carried out by a Russian state-sponsored hacking group, affected a small percentage of HPE mailboxes belonging to individuals in various business segments and functions. The incident is a reminder of the increasing threat posed by state-sponsored hacking groups to organizations across various industries and the importance of robust cybersecurity measures to mitigate the risk of cyber attacks. Organizations should take a proactive approach to cybersecurity to protect themselves from these threats and minimize the damage caused by any breaches.