Russian government hackers gained access to the cloud-based email environment of technology manufacturer Hewlett-Packard Enterprise (HPE) and stole information from email accounts belonging to a small portion of individuals involved in the company’s cybersecurity, go-to-market, business segments, and other functions.
HP said in its SEC filing that the attack was orchestrated by Midnight Blizzard (aka APT29, Cozy Bear and Nobelium), the same threat actor that previously targeted Microsoft in a similar attack. In the case of the Windows maker, the attackers compromised the email accounts of the company’s employees, including senior staff, and “exfiltrated some emails and attached documents.”
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” HP noted.
The company said the incident is related to earlier activity by Midnight Blizzard, detected in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023.
HP added that the attack had caused no financial damage.