- Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by the state-sponsored actor known as Midnight Blizzard or Cozy Bear.
- The group behind the hack is the same Russian intelligence group responsible for the SolarWinds hack in 2020, as well as accessing Microsoft executives' emails, a breach Microsoft announced last week.
- HPE said the group "accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions."
Hewlett Packard Enterprise said Wednesday that its cloud-based email system was compromised by the Russian state-sponsored hacking group known as Midnight Blizzard or Cozy Bear.
The enterprise tech giant revealed the hack in a regulatory filing, saying it was notified in December 2023 that "the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions."
HPE said it is still investigating the hack, which it believes was related to another incident that occurred in June 2023. During that event, the hackers managed to compromise "a limited number of SharePoint files as early as May 2023," HPE wrote in the filing.
Get top local stories in Connecticut delivered to you every morning. >Sign up for NBC Connecticut's News Headlines newsletter.
"Following the notice in June, we immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity," the company wrote. "Upon undertaking such actions, we determined that such activity did not materially impact the Company."
HPE said it is working with law enforcement and will provide regulatory notifications if required as the investigation proceeds. So far, HPE said the hack "has not had a material impact" and that it "has not determined the incident is reasonably likely to materially impact" its financial health or operations.
Money Report
Earlier in January, Microsoft said the hacking group, which is also referred to as Nobelium or APT29, compromised some of the email accounts of its high-ranking executives. In 2020, the same Russian intelligence-linked hacking group also conducted the infamous breach of government supplier SolarWinds.
Both the U.S. Cybersecurity and Infrastructure Security Agency and Microsoft have previously linked the state-sponsored hacking group with the Russian foreign intelligence service SVR.
Microsoft and HPE's disclosure of their respective breaches by the Russian-linked hacking group follows newly enacted U.S. Securities and Exchange Commission rules requiring companies to disclose material cybersecurity incidents.
HPE shares were flat in after-hours trading Wednesday at $15.76.
Watch: Microsoft hack could've been the start of a "pretty significant campaign."
Don't miss these stories from CNBC PRO:
- The S&P 500 is officially in a bull market now. Here's how long they typically last
- The early winner in the bitcoin ETF race has raked in $1 billion
- Goldman Sachs names its top stocks for 2024, including this solar company
- CD rates are coming down. Here's where you can lock in yields of nearly 5% for 2 years
- Buy the dip in these bitcoin mining stocks over the next two months, Bernstein says