Hewlett-Packard Enterprise (HPE), a major cloud computing provider, has fallen victim to a cyberattack by a suspected Russian intelligence team. This breach marks the second attack on a major U.S. internet company reported this month, following Microsoft’s disclosure of a similar incident. HPE revealed in a filing with the Securities and Exchange Commission (SEC) that it was notified of the breach on January 12th, 2023. The hackers managed to steal emails from HPE’s cybersecurity employees and others.
The attack on HPE is believed to have been orchestrated by a group associated with Russia’s SVR foreign intelligence service, the same group responsible for the massive SolarWinds breach in 2020. HPE and Microsoft, both having numerous government and defense customers, are prime targets for such intrusions. The hackers were likely seeking information on what these companies knew about their activities.
While HPE did not disclose how the attack was uncovered, it revealed that the intruders gained access to its systems in May 2023. They targeted a “small percentage” of overall Office 365 mailboxes, primarily belonging to the cybersecurity and marketing departments. This breach raises concerns about the security of sensitive data and highlights the need for robust cybersecurity measures.
Chris Krebs, Chief Intelligence Officer at security company SentinelOne and former head of cybersecurity at the Department of Homeland Security, commented on the significance of this breach. He noted that HPE’s stature as a major cloud service provider and its recent acquisition of Juniper Networks make it an attractive target for hackers. Krebs suggested that the SVR may be conducting a “portfolio play” to identify potential vulnerabilities in the supply chain, similar to the SolarWinds attack.
Both HPE and Microsoft are cooperating with law enforcement agencies and conducting thorough investigations into the breaches. The companies have not yet determined whether these incidents will have a significant financial impact. However, they have chosen to disclose the breaches out of an abundance of caution, following tightened rules for reporting hacking incidents.
The response from U.S. intelligence officials regarding these breaches is still pending. It remains to be seen how the government will address these cyberattacks and what measures will be taken to prevent future incidents. In the face of increasingly sophisticated hacking attempts, it is crucial for companies and governments to remain vigilant and prioritize cybersecurity to safeguard sensitive information.