Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

25.01.2024

 

Suspected hackers linked to the Kremlin are believed to have breached the cloud email environment of Hewlett Packard Enterprise (HPE), an information technology company. In a recent regulatory filing with the U.S. Securities and Exchange Commission (SEC), HPE revealed that a threat actor associated with the Russian state-sponsored group APT29, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, gained unauthorized access to and exfiltrated data from a small percentage of HPE mailboxes. The affected mailboxes belonged to individuals in various departments, including cybersecurity, go-to-market, and business segments.

The breach reportedly began in May 2023, and HPE was notified of the incident on December 12, 2023. This means that the threat actors operated within HPE’s network undetected for more than six months. The intrusion is suspected to be linked to a previous security event attributed to APT29, involving unauthorized access to and exfiltration of a limited number of SharePoint files in May 2023. HPE was made aware of this activity in June 2023.

HPE emphasized that the incident has not had any material impact on its operations so far. The company did not disclose the scale of the attack or specify the exact email information that was accessed during the breach.

This disclosure comes shortly after Microsoft implicated the same threat actor in a breach of its corporate systems in late November 2023. In that incident, APT29 targeted Microsoft’s cybersecurity and legal departments, stealing emails and attachments from senior executives.

APT29, assessed to be part of Russia’s Foreign Intelligence Service (SVR), has been associated with notable cyberattacks in recent years, including the 2016 attack on the Democratic National Committee and the 2020 SolarWinds supply chain compromise.
