Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

25.01.2024

 

Suspected hackers linked to the Kremlin are believed to have breached the cloud email environment of Hewlett Packard Enterprise (HPE), an information technology company. In a recent regulatory filing with the U.S. Securities and Exchange Commission (SEC), HPE revealed that a threat actor associated with the Russian state-sponsored group APT29, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, gained unauthorized access to and exfiltrated data from a small percentage of HPE mailboxes. The affected mailboxes belonged to individuals in various departments, including cybersecurity, go-to-market, and business segments.

The breach reportedly began in May 2023, and HPE was notified of the incident on December 12, 2023. This means that the threat actors operated within HPE’s network undetected for more than six months. The intrusion is suspected to be linked to a previous security event attributed to APT29, involving unauthorized access to and exfiltration of a limited number of SharePoint files in May 2023. HPE was made aware of this activity in June 2023.

HPE emphasized that the incident has not had any material impact on its operations so far. The company did not disclose the scale of the attack or specify exactly what email information was accessed during the breach.

This disclosure comes shortly after Microsoft implicated the same threat actor in a breach of its corporate systems in late November 2023. In that incident, APT29 targeted Microsoft’s cybersecurity and legal departments, stealing emails and attachments from senior executives.

APT29, assessed to be part of Russia’s Foreign Intelligence Service (SVR), has been associated with notable cyberattacks in recent years, including the 2016 attack on the Democratic National Committee and the 2020 SolarWinds supply chain compromise.
