Hewlett Packard Enterprise (HPE) recently disclosed a significant security breach to the Securities and Exchange Commission (SEC). The incident, orchestrated by the Russian hacker group known as Cozy Bear, involved unauthorized access to HPE's Microsoft Office 365 email environment. This breach allowed the extraction of sensitive data from several departmental accounts, including the cybersecurity team.
Details of the Breach
The breach was first identified on December 12th, though it is believed that the unauthorized access began in May 2023. Cozy Bear, also identified as Midnight Blizzard, APT29, and Nobelium, is a Russian state-sponsored hacking entity. The group is notorious for its sophisticated cyber attacks and has been linked to various high-profile incidents, including the 2020 SolarWinds supply chain attack.
According to the report filed with the SEC, the breach compromised a small percentage of HPE mailboxes, affecting individuals in departments such as cybersecurity, go-to-market, business segments, and other functions. The company has initiated an in-depth investigation into the breach in collaboration with external cybersecurity experts and law enforcement agencies.
HPE's Response and Impact Assessment
In response to the incident, HPE activated its cyber response protocols to address the breach, containing the threat and initiating remediation measures. The company emphasized that the accessed data was confined to the information contained within the affected users' mailboxes. HPE also highlighted that there has been no operational impact on its business thus far, and the financial implications of the incident are not expected to be material.
As part of its commitment to transparency and regulatory compliance, HPE filed a Form 8-K with the SEC, detailing the nature and extent of the breach. This move aligns with the company's efforts to adhere to new regulatory disclosure guidelines and to ensure that investors and stakeholders are adequately informed about the incident.
The breach at HPE serves as a critical reminder of the persistent threat posed by state-sponsored cyber actors like Cozy Bear. It underscores the importance of robust cybersecurity measures and the need for constant vigilance and proactive response strategies to protect sensitive data and maintain organizational integrity.