Hewlett Packard Enterprise (HPE) is the latest victim of suspected Kremlin-linked hackers from the APT29 group, also known as BlueBravo and Cozy Bear, who infiltrated the company’s cloud email environment. The intrusion, detected in May 2023 and disclosed in a regulatory filing with the U.S. Securities and Exchange Commission, resulted in the unauthorized access and exfiltration of data from a small percentage of HPE mailboxes. The affected mailboxes belonged to individuals in various functions, including cybersecurity, go-to-market, and business segments. The disclosure follows Microsoft’s recent revelation of a similar threat actor breaching its corporate systems in November 2023.
APT29, assessed to be part of Russia’s Foreign Intelligence Service (SVR), has been associated with high-profile cyber attacks, including the 2016 attack on the Democratic National Committee and the 2020 SolarWinds supply chain compromise. HPE confirmed that the threat actor persisted undetected within its network for over six months, emphasizing that the incident has not materially impacted its operations to date. The company was notified of the breach on December 12, 2023, and noted a likely connection to a prior security event attributed to APT29, involving unauthorized access and exfiltration of SharePoint files in May 2023, which HPE became aware of in June 2023.
While the scale of the attack and the specific email information accessed were not disclosed, the incident underscores the ongoing threat posed by state-sponsored cyber espionage groups. The persistent nature of APT29’s activities, targeting both HPE and Microsoft, highlights the need for heightened cybersecurity measures and vigilance against sophisticated threat actors. The disclosure serves as a reminder of the evolving landscape of cyber threats, with nation-state actors playing a prominent role in targeting organizations for sensitive information and intellectual property.