Malwarebytes blog, Jan 29, 2024 - 3:58 p.m.

Hewlett Packard Enterprise also searched by Cozy Bear


Hewlett Packard Enterprise (HPE) has disclosed that the state-sponsored actor known as Cozy Bear (aka Midnight Blizzard) gained unauthorized access to HPE’s cloud-based email environment.

This news comes only days after Microsoft broke very similar news that it had been hacked by the same state-sponsored group. Cozy Bear, which is generally linked to the Russian Foreign Intelligence Service, also known as the SVR, seems extremely curious to find out what intelligence several tech giants have gathered about it.

HPE stated in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC) that:

> “Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

So far, the ongoing investigation has shown that HPE’s cloud email environment was compromised in May of 2023, at which point Cozy Bear stole a limited number of SharePoint files.

In a statement to CRN last Wednesday, HPE said the impacted cloud email system was a Microsoft Office 365 environment and that the attacker leveraged a compromised account to access the email environment.

The accessed data was limited to information contained in the users’ mailboxes. As the investigation stands now, the company says the incident has not had a material impact on its operations, and is reasonably unlikely to materially impact the company’s financial condition or results of operations.

It is unclear whether the Microsoft and HPE incidents are linked. Even though the news came out days apart, the actual incidents were months apart: HPE in May and Microsoft in November. However, both incidents show a notable focus on security staff, so it appears that Cozy Bear is trying to find out what information US tech giants have about it.

Without further details, though, it’s all speculation. The question is whether we will ever hear these details.

