In a Securities and Exchange Commission filing, the IT product provider noted that the attack occurred on January 12. The company suspects that Russia’s foreign intelligence service, ‘Cozy Bear’, was behind the attack.
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” HPE, which is based in Spring, Texas, said in the filing.
HPE’s spokesperson, Adam R. Bauer, was contacted by email, but he did not make clear who exactly informed HPE of the breach. “We’re not sharing that information at this time,” Bauer said. He noted that the compromised email boxes were running Microsoft software.
In the filing, HPE said the intrusion was “likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files.”
SharePoint is part of Microsoft’s 365 suite, formerly known as Office, which includes email, word-processing and spreadsheet apps.
HPE is unable to say whether the network compromise was connected to the intrusion that Microsoft revealed last week, since "we do not have the details of the incident Microsoft disclosed," according to Bauer.
He also did not specify where in the company’s hierarchy the affected employee, whose accounts the hackers had access to, belonged.
According to the sources, “The total scope of mailboxes and emails accessed remains under investigation.”
According to the report, HPE has determined that the intrusion has not had any significant effect on the company's financial stability or operations. Both announcements coincide with the implementation one month ago of a new rule by the U.S. Securities and Exchange Commission requiring publicly traded corporations to report security breaches that may hurt their operations. Unless they are granted a national security waiver, companies have four days to comply.