"HPE Says Russian Government Hackers Had Access to Emails for 6 Months"

In a recent SEC filing, Hewlett Packard Enterprise (HPE) revealed that its cloud email environment was targeted by hackers believed to be sponsored by the Russian government. The company said it was notified on December 12 that a threat group identified as Midnight Blizzard and Cozy Bear had hacked into its cloud-based email environment. HPE says that it kicked out the attackers, but its investigation revealed that the threat actor gained access to its systems and started exfiltrating data in May 2023. The company stated that the hackers targeted “a small percentage of HPE mailboxes” used by staff in cybersecurity, go-to-market, business segments, and other departments. The company noted that while its investigation of this incident and its scope remains ongoing, it now understands this incident is likely related to earlier activity by this threat actor, of which it was notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023. HPE does not expect the incident to have a material impact. Midnight Blizzard is a cyberespionage-focused group also known as APT29, Cozy Bear, The Dukes, Nobelium, and Yttrium, and it’s one of the most active and sophisticated threat actors linked to the Russian government.

 

SecurityWeek reports: "HPE Says Russian Government Hackers Had Access to Emails for 6 Months"

Submitted by Adam Ekwall on