Late Wednesday, Hewlett Packard Enterprise (HPE), a major cloud computing provider, disclosed that it had fallen victim to a cyberattack orchestrated by a suspected Russian intelligence team. This revelation marks the second major hack of a prominent U.S. internet company reported within the month.
In a filing with the Securities and Exchange Commission (SEC), HPE stated that it became aware of the breach on January 12. The attack facilitated the theft of emails belonging to its cybersecurity personnel and other individuals. This disclosure follows a similar incident reported by Microsoft on the preceding Friday, which detailed the loss of senior executive emails and those of security professionals in another suspected Russian-linked breach.
HPE did not specify how the attack was detected but revealed that the intruders initially accessed its systems in May 2023. The compromised data included the contents of a “small percentage” of overall Office 365 mailboxes, primarily from departments such as cybersecurity and marketing.
Both HPE and Microsoft cater to a significant number of government and defense clients. In both instances, the blame was placed on a group associated with Russia’s SVR foreign intelligence service, the same group responsible for the extensive 2020 breach involving SolarWinds. This breach began with tampered software at SolarWinds and infiltrated the computer systems of nine federal agencies, a significant cybersecurity incident.
Chris Krebs, Chief Intelligence Officer at security company SentinelOne and former head of cybersecurity at the Department of Homeland Security, noted the strategic implications of targeting companies like HPE. Krebs commented, “It’s almost like a portfolio play by the SVR to see who’s on to them and maybe look for SolarWinds-like opportunities to compromise various aspects of the supply chain.”
The disclosure comes amid tightened rules for reporting hacking incidents promptly. Both HPE and Microsoft indicated that they had not yet determined whether the breach and its aftermath would have a “material” impact on their finances. This cautious statement suggests that the companies are filing in accordance with regulatory requirements rather than signaling immediate financial repercussions.
Both companies affirmed that they are collaborating with law enforcement agencies and are actively conducting ongoing investigations into the cyberattacks. As of now, U.S. intelligence officials have not provided an immediate response to requests for comment on the matter.
