Hewlett Packard Enterprise (HPE), a giant in the technology industry, has become the latest victim of a sophisticated cyberattack believed to be orchestrated by the notorious Russian nation-state actor, Cozy Bear. This revelation comes shortly after a similar breach was disclosed by Microsoft, indicating a pattern of heightened cyber aggression by the group.
The Breach Unfolding: HPE's Disclosure to the SEC
The severity of the situation was highlighted in an 8-K filing by HPE with the U.S. Securities and Exchange Commission on January 24. The document detailed a breach first identified on December 12, 2023, in which Cozy Bear gained unauthorized access to HPE's cloud-based email environment. Following the discovery, HPE engaged external cybersecurity experts to contain and investigate the breach.
Understanding Cozy Bear's Tactics
Cozy Bear, also known as APT29, Midnight Blizzard, and Nobelium, is an advanced persistent threat (APT) group with ties to the Russian government's Foreign Intelligence Service. Known for their sophisticated methods, Cozy Bear was infamously involved in the 2020 supply-chain attack against SolarWinds. HPE's disclosure suggests that the data breach, starting as early as May 2023, affected a small number of mailboxes in critical segments like cybersecurity and business operations.
Linking Past and Present Incidents
HPE believes this incident is connected to previous unauthorized activities detected in June 2023, involving a limited number of SharePoint files. Despite immediate containment and remediation measures, the company acknowledges the ongoing nature of the investigation and potential links to past breaches.
Comparative Analysis with Microsoft's Breach
This recent attack mirrors the breach disclosed by Microsoft last week. Microsoft reported that Midnight Blizzard had accessed a small percentage of corporate email accounts, including those of senior leadership, through a password spray attack against a legacy account.
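The password-spray pattern described above (one source trying a few common passwords against many accounts, often through a legacy authentication path that lacks MFA) is something a defender can look for in sign-in telemetry. The following Python example is added here as an illustration and is not code from the article, from HPE, or from Microsoft; the log format, field names and the sign-in records are constructed for the example, and the thresholds (five distinct accounts in ten minutes) are assumptions to be tuned against a real environment.

```python
"""Detect a password spray in sign-in records and flag any success that
follows it from the same source (added illustration, constructed data)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records for the example; not real telemetry.
# Fields: timestamp, user, source_ip, auth_protocol, result
SAMPLE_LOG = """\
2024-01-10T02:00:01Z alice@example.test 203.0.113.7 legacy_basic FAIL
2024-01-10T02:00:03Z bob@example.test 203.0.113.7 legacy_basic FAIL
2024-01-10T02:00:05Z carol@example.test 203.0.113.7 legacy_basic FAIL
2024-01-10T02:00:08Z dave@example.test 203.0.113.7 legacy_basic FAIL
2024-01-10T02:00:10Z erin@example.test 203.0.113.7 legacy_basic FAIL
2024-01-10T02:00:12Z svc-test@example.test 203.0.113.7 legacy_basic SUCCESS
2024-01-10T02:05:00Z alice@example.test 198.51.100.4 modern_oauth FAIL
2024-01-10T02:05:30Z alice@example.test 198.51.100.4 modern_oauth SUCCESS
"""


def parse_signins(text):
    """Parse the constructed whitespace-separated format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, proto, result = line.split()
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "user": user, "ip": ip, "proto": proto, "result": result,
        })
    return records


def detect_password_spray(records, min_accounts=5, window=timedelta(minutes=10)):
    """Return one finding per source IP whose failed sign-ins touch at least
    min_accounts distinct users inside a sliding time window.  A success from
    the same IP at or after the spray started is reported as a candidate
    compromised account, and any legacy protocol seen is listed so the
    responder knows which authentication path to close off."""
    by_ip = defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        by_ip[r["ip"]].append(r)

    findings = []
    for ip, recs in by_ip.items():
        fails = [r for r in recs if r["result"] == "FAIL"]
        spray_start = None
        # Slide a window forward over the failures; the first window that
        # reaches the distinct-account threshold marks the spray start.
        for i, first in enumerate(fails):
            users = {x["user"] for x in fails[i:] if x["ts"] - first["ts"] <= window}
            if len(users) >= min_accounts:
                spray_start = first["ts"]
                break
        if spray_start is None:
            continue
        legacy = sorted({r["proto"] for r in fails if r["proto"].startswith("legacy")})
        successes = [r["user"] for r in recs
                     if r["result"] == "SUCCESS" and r["ts"] >= spray_start]
        findings.append({
            "ip": ip,
            "distinct_failed_accounts": len({r["user"] for r in fails}),
            "legacy_protocols": legacy,
            "successes_after_spray": successes,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_password_spray(parse_signins(SAMPLE_LOG)):
        print(finding)
```

On the constructed data the single finding is the 203.0.113.7 source: five distinct accounts failed within seconds over a legacy protocol, followed by a success against a service-style account, which is exactly the sequence that should page an on-call analyst. The second source fails once and then succeeds for the same user, which is ordinary behaviour and produces no finding. In a real deployment the thresholds depend on the tenant's normal failure rate, and the legacy-protocol flag is the remediation lever: blocking legacy authentication and enforcing MFA removes the path the spray relies on.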
Expert Insights on the Breach
Craig Burland, CISO of Inversion6, commented on the situation: "Cozy Bear’s latest incursions are a not-so-subtle reminder of two things: 99% isn’t good enough in cybersecurity and if the high-level APTs want to get in, they will. The compromise of a single user credential led to a bigger prize for Cozy Bear." He emphasized the need for perfect prevention, despite its high cost and complexity.
Stu Sjouwerman, CEO of KnowBe4, also weighed in: “HPE's situation underscores a critical reality in today’s digital landscape – no organization, no matter how sophisticated, is immune to cybersecurity threats." Sjouwerman highlighted the importance of robust digital defenses and compliance with new SEC disclosure rules.
HPE's Ongoing Response and Commitment to Transparency
In response to the breach, HPE is cooperating with law enforcement and preparing to make regulatory notifications as required. The company has emphasized that while there has been no significant operational impact, it is committed to transparency and compliance, as evidenced by its SEC filing.
A Cautionary Tale for the Digital Age
This incident serves as a stark reminder of the ever-present cyber threats facing organizations today, particularly from state-sponsored actors. As companies like HPE and Microsoft grapple with the aftermath of such sophisticated attacks, the importance of advanced cybersecurity measures and preparedness for potential breaches has never been more critical.