Image: Gene Gallin via Unsplash

Hewlett Packard Enterprise tells SEC it was breached by Russia’s 'Cozy Bear' hackers

Hackers with suspected ties to the Russian government gained access to the technology manufacturer Hewlett Packard Enterprise Co.’s (HPE) cloud-based email environment, the company said Wednesday.

In a filing with SEC regulators on Wednesday afternoon, HPE said it was notified on December 12 that hackers connected to Cozy Bear, also known as Midnight Blizzard, had breached its network and spent months exfiltrating data. The company did not respond to requests for comment about who notified them of the incident.

“The Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity,” the company explained.

“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

Known primarily as APT29, the group is believed to be part of Russia’s Foreign Intelligence Service (SVR), which is responsible for foreign espionage and electronic surveillance. The hackers have been behind some of Russia’s most devastating attacks on the U.S., including the 2020 SolarWinds hack and the 2016 attack on the Democratic National Committee.

HPE is still in the midst of an investigation into the incident but said the attack was “likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023.”

The company hired experts to investigate the June attack but determined at the time that it did not “materially impact” HPE’s operations. The incident was not publicized at the time.

HPE is now working with law enforcement agencies and said it will notify people affected based on the results of the investigation.

“As of the date of this filing, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”

HPE is the second tech giant over the last week to alert the public to the theft of emails by Cozy Bear.

Last Friday, Microsoft said that beginning in November 2023 the group hacked into the email accounts of senior leaders at Microsoft in search of information about the hacking group's own activities.

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.