BOSTON — Hewlett Packard Enterprise announced Wednesday that suspected state-backed Russian hackers broke into its cloud-based email system and stole data from cybersecurity and other employees.
The provider of information technology products and services said in a Securities and Exchange Commission regulatory filing that it was notified of the intrusion on Jan. 12. It said it believed the hackers came from Cozy Bear, a unit of Russia’s SVR foreign intelligence service.
Microsoft reported last week that it also discovered a breach of its corporate network on January 12. The Redmond, Washington-based tech giant said the breach began in late November and also blamed Cozy Bear. It said the Russian hackers gained access to accounts of senior Microsoft executives, cybersecurity and legal staff.
Cozy Bear was behind the SolarWinds breach and focuses on collecting stealth information on Western governments, IT service providers and think tanks in the US and Europe.
“Based on our investigation, we now believe that as of May 2023, the threat actor accessed and exfiltrated data from a small percentage of the HPE mailboxes of individuals in our cybersecurity, go-to-market, enterprise segments and other features,” says HPE. , based in Spring, Texas, said in the filing.
Company spokesman Adam R. Bauer, reached by email, would not say who notified HPE of the breach. “We are not currently sharing that information.” Bauer said the compromised email boxes were running Microsoft software.
In the filing, HPE said the intrusion was “likely related to prior activity by this threat actor, which we became aware of in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files.” SharePoint is part of Microsoft’s 365 suite, formerly known as Office, which includes email, word processing and spreadsheet apps.
Bauer said HPE cannot say whether the breach of its network was related to the hack that Microsoft disclosed last week because “we do not have the details of the incident that Microsoft disclosed.”
He did not specify the seniority of the HPE employees whose accounts were accessed by the hackers. “The total size of the mailboxes and emails consulted is still being investigated.” HPE said in the filing that it has determined so far that the hack has not had a material impact on its operations or financial health. Both revelations come a month after a new U.S. Securities and Exchange Commission rule took effect, forcing publicly traded companies to disclose breaches that could negatively impact their businesses. It gives them four days to do so unless they receive a national security waiver.
HPE was spun off from legendary computer company Hewlett-Packard Inc. in 2015. from Silicon Valley, which is now mainly known for its printer activities.