TLDR:
- Russian hackers linked to the Kremlin have breached tech giant HP Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data.
- The intrusion has been attributed to a Russian state-sponsored group known as APT29, which has also been linked to the breach of Microsoft’s corporate systems in late November 2023.
Hackers with suspected links to the Kremlin have broken into the cloud email environment of tech giant HP Enterprise (HPE) to steal mailbox data. The group behind the breach is thought to be APT29, a Russian state-sponsored group that has also been linked to the November 2023 breach of Microsoft’s corporate systems. HPE was notified of the breach on December 12, 2023, and believes the hackers had undetected access to its network for over six months. The company has acknowledged that the attack is likely connected to a prior security event in May 2023, in which a limited number of SharePoint files were accessed without authorization and exfiltrated.
APT29, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard, and The Dukes, has a history of high-profile hacks and is believed to be part of Russia’s Foreign Intelligence Service (SVR). Notably, the group was responsible for the 2016 attack on the Democratic National Committee and the 2020 SolarWinds supply chain compromise.
Despite the breach, HPE has stated that the incident has not had a material impact on its operations to date. However, the company has not disclosed the scale of the attack or the specific email information that was accessed. The breach at HPE follows a growing trend of cyberattacks conducted by nation-states and highlights the need for robust cybersecurity measures.