Dive Brief:
- Hewlett Packard Enterprise was hit by a monthslong cyberattack that compromised the enterprise vendor’s cloud-based email environment, the company said Wednesday in a filing with the Securities and Exchange Commission.
- Corporate data from a “small percentage” of HPE mailboxes and a “limited number” of SharePoint files belonging to employees in cybersecurity and other business units was accessed and stolen starting in May, the company said.
- HPE said it was notified on Dec. 12 that a suspected state-sponsored threat actor, Midnight Blizzard, gained access to its email system. The Russia-affiliated group, also known as Cozy Bear, recently stole emails and other data from senior-level Microsoft executives. A company spokesperson declined to say who notified HPE of the suspected nation-state attack.
Dive Insight:
The attacks against HPE and Microsoft, both of which were disclosed in the past week, underscore Midnight Blizzard’s ability to gain footholds, maintain persistent access and remain undetected for months in at least two highly resourced enterprise firms.
The threat actor, formerly known as Nobelium, was behind the 2020 Sunburst attacks against SolarWinds and other companies.
“HPE eradicated the activity in our email environment shortly after being notified on Dec. 12, and we have observed no additional activity by the actor,” the company spokesperson said.
HPE said it was previously notified in June of unauthorized access to and exfiltration of company SharePoint files, which it immediately investigated and contained. Yet the company determined the recently discovered theft of emails and other data was related to the same intrusion and threat actor, according to the SEC filing.
“The total scope of mailboxes and emails accessed remains under investigation,” HPE said in the filing.
The company said it disclosed the attack once its investigation concluded that doing so would be in compliance with the new SEC cyber incident reporting rules.
“As of the date of this filing, the incident has not had a material impact on the company’s operations, and the company has not determined the incident is reasonably likely to materially impact the company’s financial condition or results of operations,” HPE said.