Kremlin-linked hackers are suspected of penetrating the cloud email environment of information technology company Hewlett Packard Enterprise (HPE) to steal email data.
“Beginning in May 2023, threat actors accessed and accessed a small number of HPE mailboxes belonging to individuals belonging to our cybersecurity, go-to-market, business units and other functions,” the company said in a U.S. regulatory filing. Stolen data.” Securities and Exchange Commission (SEC).
The intrusion has been attributed to a Russian state-sponsored group called APT29, which has also been tracked by names such as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.
Days ago, Microsoft suggested that the same threat actor breached its corporate systems in late November 2023, stealing emails and attachments from senior executives in the company’s cybersecurity and legal departments and others.
HPE said it was notified of the incident on December 12, 2023, meaning the threat actor persisted undetected in its network for more than six months.
It also noted that the attack may be related to a previous security incident, also attributed to APT29, which involved unauthorized access and exfiltration of a limited number of SharePoint files back in May 2023. It received an alert about malicious activity in June 2023.
However, HPE stressed that the incident has not had any significant impact on its operations so far. The company did not disclose the scale of the attack or the exact email messages that were accessed.
APT29, assessed as part of Russia’s Foreign Intelligence Service (SVR), has been behind a number of high-profile hacks in recent years, including the 2016 attack on the Democratic National Committee and the 2020 breach of the SolarWinds supply chain.
