HPE joins the 'our executive email was hacked by Russia' club
Moscow-backed Cozy Bear may have had access to the green rectangular email cloud for six months
HPE has become the latest tech giant to admit it has been compromised by Russian operatives.
In a Wednesday regulatory filing [PDF] the enterprise titan revealed that on December 12, 2023, it was "notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorized access to HPE's cloud-based email environment."
HPE "immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity."
Eradicating sounds like a good thing! But sadly, this story does not have a happy ending – for three reasons.
One is that the investigation found "the threat actor accessed and exfiltrated data … from a small percentage of HPE mailboxes belonging to individuals in our cyber security, go-to-market, business segments, and other functions."
Another is that the exfiltration commenced in May 2023.
The third is that HPE detected the May incident in June 2023, and "took containment and remediation measures intended to eradicate the activity."
In other words, it looks a lot like those measures didn't work. It's unclear why HPE is confident its efforts to scare Cozy Bear away did the trick this time around.
- What Microsoft's latest email breach says about this IT security heavyweight
- Australia imposes cyber sanctions on Russian it says ransomwared health insurer
- Russia takes $13.5M bite out of Apple over in-app purchases
- Sandworm's Kyivstar attack should serve as a reminder of the Kremlin crew's 'global reach'
There's a sliver of good news for HPE investors in the filing's assertion that the most recent incident "has not had a material impact on the Company's operations, and the Company has not determined the incident is reasonably likely to materially impact the Company's financial condition or results of operations."
HPE's share price supports that assertion. It rose a couple of points and stayed solid in after hours trading once news of the hacks emerged.
Which is horrible in its own way, because it suggests investors assume big tech companies are just going to be attacked and have their secrets spilled and don't think that damages their prospects.
Where that leaves those of us who rely on major tech corporations to provide them with security advice and services is anyone's guess. In the last week alone Microsoft and HPE have both admitted to breaches. ®