Hewlett Packard Enterprise also searched by Cozy Bear

Hewlett Packard Enterprise (HPE) has disclosed that the state-sponsored actor known as Cozy Bear (aka Midnight Blizzard) gained unauthorized access to HPE’s cloud-based email environment.

This news comes only days after Microsoft broke very similar news that it had been hacked by the same state-sponsored group. Cozy Bear, which is generally linked to the Russian Foreign Intelligence Service, also known as the SVR, seems to be extremely curious about the intelligence several tech giants have gathered about it.

HPE stated in a Form 8-K filing with the U.S. Securities and Exchange Commission (SEC) that:

“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.”

So far, the ongoing investigation has shown that HPE’s cloud email environment was compromised in May of 2023, at which point Cozy Bear stole a limited number of SharePoint files.

In a statement to CRN last Wednesday, HPE said the impacted cloud email system was a Microsoft Office 365 environment, and said that the attacker leveraged a compromised account to access the email environment.

The accessed data was limited to information contained in the users’ mailboxes. As the investigation stands now, the company says the incident has not had a material impact on its operations, and is reasonably unlikely to materially impact the company’s financial condition or results of operations.

It is unclear whether the Microsoft and HPE incidents are linked. Even though the news came out days apart, the actual incidents were months apart: HPE in May and Microsoft in November. However, in both incidents there is a notable focus on security staff, so it appears that Cozy Bear is trying to find out what information US tech giants have about it.

Without further details, though, it’s all speculation. The question is whether we will ever hear these details.

