Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data.
“The threat actor accessed and exfiltrated data starting in May 2023 from a small percentage of HPE mailboxes belonging to individuals across our cybersecurity, go-to-market, business segments, and other functions,” he said. the company stated in a regulatory filing with the United States. Securities and Exchange Commission (SEC).
The intrusion was attributed to the Russian state-sponsored group known as APT29, and which is also tracked under the nicknames BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium) and The Dukes.
The disclosure comes just days after Microsoft implicated the same threat actor in breaching its enterprise systems in late November 2023 to steal emails and attachments from senior executives and other individuals in the company’s legal and cybersecurity departments.
HPE said it was made aware of the incident on December 12, 2023, meaning the threat actors remained within its network undetected for more than six months.
It also noted that the attack is likely linked to a previous security event, also attributed to APT29, which resulted in unauthorized access and exfiltration of a limited number of SharePoint files as early as May 2023. It was alerted to the malicious activity in June 2023.
HPE, however, stressed that the incident has so far had no material impact on its operations. The company did not disclose the scope of the attack and the exact email information that was accessed.
APT29, believed to be part of Russia’s Foreign Intelligence Service (SVR), has been behind some high-profile hacks in recent years, including the 2016 attack on the US Democratic National Committee (DNC) and the compromise of the supply chain of 2020 SolarWinds.