HPE suffers ongoing cyberattack on cloud-based email services for months

Spread the love



Hewlett Packard Enterprise (HPE) was targeted in a lengthy cyberattack that breached the vendor’s cloud-based email system, according to a filing with the U.S. National Stock Market Commission. The attack, believed to be orchestrated by a suspected state-sponsored threat actor, Midnight Blizzard, began in May and resulted in corporate data being accessed and stolen from a small percentage of HPE mailboxes and a limited number of SharePoint files belonging to cybersecurity employees and other business units. The company was alerted to the breach on December 12 and quickly took steps to eradicate the unauthorized activity.

The attack on HPE follows similar incidents involving Microsoft, also attributed to Midnight Blizzard, revealing the threat actor’s capabilities in gaining access and operating undetected within well-resourced organizations for extended periods of time. Midnight Blizzard, previously known as Nobelium, was responsible for the 2020 Sunburst attacks targeting SolarWinds and other companies. HPE confirmed that the recent theft of emails and other data was linked to the same intrusion discovered earlier in June involving unauthorized access and exfiltration of SharePoint files.

While the investigation into the extent of the data breach is ongoing, HPE has already contained the unauthorized activity in its email environment and remains vigilant against any potential follow-up incidents by the threat actor. The company disclosed the breach in compliance with new SEC rules for reporting cyber incidents, stating that the incident has not had a significant impact on its operations at this time. HPE reassured stakeholders that it has not identified any material implications on its financial condition or results of operations as a result of the cyberattack.

The attack on HPE serves as a reminder of the persistent threat posed by cybercriminals, including state-sponsored actors, to organizations of all sizes and industries. Companies must remain proactive in their cybersecurity measures to detect and respond to threats effectively in order to safeguard sensitive data and maintain business continuity in the face of evolving cyber risks.

Article Source
https://www.cybersecuritydive.com/news/hpe-cyberattack-email-stolen/705615/