Article Details

Scrape Timestamp (UTC): 2024-01-25 05:56:15.245

Source: https://thehackernews.com/2024/01/tech-giant-hp-enterprise-hacked-by.html

Original Article Text


Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data.

"The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions," the company said in a regulatory filing with the U.S. Securities and Exchange Commission (SEC).

The intrusion has been attributed to the Russian state-sponsored group known as APT29, which is also tracked under the monikers BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.

The disclosure arrives days after Microsoft implicated the same threat actor in the breach of its corporate systems in late November 2023 to steal emails and attachments from senior executives and other individuals in the company's cybersecurity and legal departments.

HPE said it was notified of the incident on December 12, 2023, meaning that the threat actors persisted within its network undetected for more than six months.

It also noted that the attack is likely connected to a prior security event, also attributed to APT29, which involved unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023. It was alerted to the malicious activity in June 2023.

HPE, however, emphasized that the incident has not had any material impact on its operations to date. The company did not disclose the scale of the attack or the exact email information that was accessed.

APT29, assessed to be part of Russia's Foreign Intelligence Service (SVR), has been behind some high-profile hacks in recent years, including the 2016 attack on the Democratic National Committee and the 2020 SolarWinds supply chain compromise.

Daily Brief Summary

NATION STATE ACTIVITY // Russian APT29 Group Compromises HP Enterprise Email Systems

Russian hackers, linked to the Kremlin and known as APT29, have infiltrated HP Enterprise's cloud email environment, leading to data exfiltration.

The breach, reported in an SEC filing by HPE, involved unauthorized access to mailboxes of key personnel in cybersecurity and other vital departments.

The intrusion at HPE, reported to have begun in May 2023, lasted over six months before detection, with the company notified on December 12, 2023.

The same Russian group is believed to have conducted a similar attack against Microsoft's corporate systems in November 2023.

A prior security event, also attributed to APT29, occurred with SharePoint files being exfiltrated as early as May 2023, with HPE alerted in June 2023.

HPE claims the recent security breach has not significantly impacted its business operations, although details of the theft's extent remain undisclosed.

APT29 is linked to the Russian SVR and is known for its involvement in several high-profile cyber-attacks, including the 2016 DNC hack and the 2020 SolarWinds incident.