Cyberattack On Hewlett Packard Enterprise By Cozy Bear
The threat actor, identified as Midnight Blizzard or Cozy Bear, is believed to have gained unauthorized access to HPE's systems.
In a disclosure to the Securities and Exchange Commission (SEC), Hewlett Packard Enterprise Company (HPE) revealed that it had fallen prey to a cyberattack orchestrated by the Russian state-sponsored actor APT29, widely recognized as Cozy Bear or Midnight Blizzard.
Microsoft security team detected a sophisticated nation-state attack on HPE's corporate systems. On December 12, 2023, Swiftly responding to the threat, Microsoft activated its comprehensive response process, aiming to investigate, disrupt malicious activity, mitigate the attack, and prevent the threat actor.
The threat actor, identified as Midnight Blizzard or Cozy Bear, is believed to have gained unauthorized access to HPE's systems. HPE responded promptly by activating its response process and initiating an investigation, containment, and remediation efforts with the assistance of external cybersecurity experts. The company successfully eradicated the malicious activity.
Cyberattack on Hewlett Packard Enterprise
The investigation unveiled that the threat actor had accessed and exfiltrated data starting in May 2023 from a limited number of HPE mailboxes, particularly those belonging to individuals in cybersecurity, go-to-market, business segments, and other functions.
This cyberattack on Hewlett Packard Enterprise appears to be connected to earlier activity by the same threat actor, which HPE was made aware of in June 2023. The previous incident involved unauthorized access and exfiltration of a restricted number of SharePoint files as early as May 2023.
HPE has been forthcoming in notifying and cooperating with law enforcement agencies. The company is also evaluating its regulatory notification obligations and will make notifications as necessary based on the findings of its ongoing investigation.
As of the current filing date, the incident has not materially impacted HPE's operations, and the company has not determined that it is reasonably likely to have a substantial effect on its financial condition or results of operations.
The Official Filing
It's essential to note that this disclosure of the cyberattack on Hewlett Packard Enterprise is in compliance with the Form 8-K requirements and contains forward-looking statements as defined by the safe harbor provisions of the Private Securities Litigation Reform Act of 1995.
HPE acknowledges the existence of risks, uncertainties, and assumptions related to these statements. The company emphasizes that if the risks or uncertainties materialize or assumptions prove incorrect, it may result in outcomes that differ materially from those expressed or implied in the forward-looking statements.
Hewlett Packard Enterprise highlights its commitment to transparency and compliance, assuring stakeholders that it will continue to provide updates on the incident as needed. The company also reaffirms its adherence to legal obligations and regulations surrounding cybersecurity incidents.
