Russian Intelligence Suspected in Hewlett Packard Enterprise Cyberattack, Following Similar Microsoft Breach

Russian Intelligence Suspected in Hewlett Packard Enterprise Cyberattack, Following Similar Microsoft Breach

Hewlett Packard Enterprise (HPE) recently disclosed a major security breach in an SEC filing, revealing that suspected Russian intelligence, specifically the group APT29 (also known as Cozy Bear or Midnight Blizzard), was behind the attack. The breach mirrors an earlier attack on Microsoft, highlighting the increasing threat posed by state-sponsored cyberattacks on large U.S. tech companies. Both companies play critical roles in cloud services, serving numerous government and defense clients, making them attractive targets for foreign intelligence operations.

According to the SEC filing, the breach occurred in May 2023 but was only detected in December 2023. HPE noted that the attackers gained access to a small portion of Office 365 mailboxes, primarily those belonging to its cybersecurity team and go-to-market departments. This disclosure raises concerns due to the sensitive nature of the departments affected, as well as the company’s role in providing critical services to government and defense clients.

Details of the Attack

HPE’s investigation revealed that the hackers, associated with APT29, accessed and exfiltrated data from the affected mailboxes. This breach is particularly concerning as APT29 is notorious for its involvement in high-profile cyberattacks, including the 2020 SolarWinds breach, which compromised several U.S. federal agencies and private companies. The group, linked to Russia’s Foreign Intelligence Service (SVR), is known for its sophisticated espionage tactics, often targeting government and military data.

The breach on HPE was reported shortly after Microsoft disclosed a similar attack by APT29 on its own systems. In Microsoft’s case, the hackers gained access to corporate email accounts, including those of senior executives and security professionals. The group reportedly sought information related to their own activities, a tactic consistent with previous espionage operations.

HPE’s systems were compromised despite the company’s previous efforts to strengthen its cybersecurity measures following past incidents, including a breach in 2018 by Chinese hackers targeting its cloud networks​(BleepingComputer)​(Enterprise Technology News and Analysis). Both companies have since collaborated with law enforcement and external cybersecurity experts to investigate the incidents further.

The Significance of APT29 and Russian Cyber Tactics

APT29, also known as Cozy Bear, is one of the most sophisticated hacking groups in the world, closely associated with Russia’s Foreign Intelligence Service (SVR). The group has been linked to numerous high-profile attacks, with its hallmark being the SolarWinds supply chain attack in 2020. The aim of such breaches is often espionage, seeking sensitive governmental or corporate information to benefit Russian state interests​(Cisco Duo). Experts suggest that by targeting companies like HPE and Microsoft, the group may be seeking vulnerabilities in critical supply chains, which could lead to broader and more damaging attacks.

Chris Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), has commented on the strategic nature of these attacks. He noted that such operations aim to uncover weaknesses that could be exploited in future attacks, much like the SolarWinds incident​(BleepingComputer)​(Cisco Duo). Given the ongoing nature of these threats, companies like HPE and Microsoft, which provide essential services to both private and governmental sectors, must remain vigilant.

Broader Implications and Regulatory Response

The HPE and Microsoft breaches are part of a larger trend of increasing cyberattacks from state-sponsored groups. The growing frequency of these attacks has led to tighter regulatory scrutiny, especially from the U.S. Securities and Exchange Commission (SEC). Both HPE and Microsoft disclosed these breaches under new SEC rules, which require companies to report material cybersecurity incidents within four business days.

While both companies have stated that the incidents have not yet had a material impact on their operations or financial performance, these disclosures mark a significant shift towards more transparency in cybersecurity. The SEC’s new guidelines are part of a broader effort to hold companies accountable for their cybersecurity practices and ensure that investors are aware of potential risks​(Cisco Duo)​(Enterprise Technology News and Analysis).

Despite this increased transparency, many cybersecurity experts argue that the scale of these attacks is indicative of the broader vulnerability of even the most secure networks. As these incidents demonstrate, nation-state actors like APT29 remain persistent and adaptable, capable of infiltrating some of the most well-defended networks in the world.

In conclusion, the recent breaches at HPE and Microsoft underscore the ongoing cyber threats from Russian intelligence and the need for continued vigilance in the face of sophisticated state-sponsored attacks. These incidents also highlight the importance of regulatory measures to ensure companies disclose and respond to cybersecurity threats promptly, as they continue to evolve in complexity and scale.

Related Videos:

Related Posts:

What Will Iran’s October 7-Level Cyberattack on Israel Look Like?

Former Canadian Politician Linked to Foreign Government in Suspected Parliament Influence: CSIS Report

Magna executives pay no price for Russian misadventure

China-Backed Hackers Hijack 9,200 Canadian Devices to Operate Illegal Hacking Network: FBI and CSIS

Suspected State-Sponsored Hack Targets British Columbia Government Networks

Facebook and Twitter Uncover and Dismantle Russian IRA Influence Network Ahead of US Elections

Microsoft and Other Companies Targeted in Russian Hacking Campaign: Insights and Impacts

Russian hackers are eight times faster than North Korean groups