In a U.S. Securities and Exchange Commission filing, HPE announced that the breach occurred on December 12 and was perpetrated by Midnight Blizzard, also known as APT29 or Cozy Bear, a group believed to be backed by the Russian government.
The hackers, linked to significant cyberattacks like the 2016 Democratic National Committee breach and the 2019 SolarWinds attack, accessed and exfiltrated data from HPE’s Office 365 email environment. HPE spokesperson Adam R. Bauer revealed that a compromised account was used to access internal HPE email boxes, affecting a small percentage of mailboxes primarily belonging to the cybersecurity, go-to-market, and business teams.
HPE connected this breach to a previous incident in May 2023, in which Midnight Blizzard exfiltrated a limited number of SharePoint files from the company. The extent of mailbox access and the exact data compromised remain under investigation, with HPE committed to appropriate notifications as required.
The news of HPE’s breach follows closely behind Microsoft’s disclosure of Midnight Blizzard’s password spray attack on corporate email accounts, including senior leadership and cybersecurity teams. The connection between the HPE and Microsoft incidents remains unclear, with HPE unable to establish a link at this time. Bauer emphasized that the breach is not expected to materially impact HPE’s business operations.