2025-02-07
Hewlett Packard Enterprise (HPE) recently confirmed a cyberattack in which Russian state-sponsored hackers accessed sensitive employee data through the company’s Office 365 email environment in May 2023. The breach exposed personal information, including driver’s licenses, credit card numbers, and Social Security numbers, of at least 16 employees.
In line with legal requirements, HPE began notifying impacted individuals in January 2025. The breach was traced to Cozy Bear, a Russian hacking group tied to other major attacks like the 2020 SolarWinds incident. Alongside the email breach, there was also a breach of HPE’s SharePoint server, indicating a broader infiltration. The company has a history of security breaches, with previous incidents involving Chinese and other threat actors.
Summary:
Hewlett Packard Enterprise (HPE) has informed employees about a significant data breach caused by Russian state-sponsored hackers. In May 2023, hackers from the group Cozy Bear accessed the company’s Office 365 email environment and compromised the data of at least 16 employees, including sensitive personal details such as driver’s licenses, credit card numbers, and Social Security numbers.
The breach was discovered through a forensic investigation, and HPE started sending notifications to affected employees in January 2025. The attack was attributed to Cozy Bear, a group with ties to the Russian Foreign Intelligence Service (SVR) and known for high-profile attacks like the 2020 SolarWinds breach.
The compromised data was limited to information in the email inboxes of certain employees, particularly those working in cybersecurity, business, and go-to-market functions. In addition to the email hack, HPE confirmed another related breach in May 2023, involving the company’s SharePoint server, where hackers stole files.
HPE’s Office 365 breach is believed to have started with a compromised account, allowing Cozy Bear to exfiltrate data from a small group of mailboxes. The company has investigated the breach thoroughly and has begun notifying affected employees as required by law.
This latest incident adds to a history of HPE breaches, including a 2018 attack linked to Chinese hackers and another involving its Aruba Central network monitoring platform in 2021. In 2024 and 2025, HPE also investigated claims of further breaches involving stolen credentials and source code.
What Undercode Says:
This incident represents a growing trend of highly sophisticated cyberattacks aimed at global enterprises, with state-sponsored threat groups increasingly targeting email and cloud environments. Cozy Bear’s involvement is particularly concerning given the group’s history of exploiting critical infrastructure and corporate networks. The attack on HPE highlights a significant vulnerability in Office 365 environments, where sensitive data can be accessed and exfiltrated without detection for extended periods.
HPE’s response to the breach, including timely notification to affected employees, aligns with industry standards for handling such incidents. However, the underlying cause, compromise of a legitimate account, raises questions about how effective current security measures are at preventing and detecting unauthorized access, especially by state-backed actors.
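The pattern described here, one compromised account quietly reading a small set of other people's mailboxes for weeks, is exactly what mailbox audit logging exists to surface. The following is an added example of the kind of detection rule a defender could run over Microsoft 365 audit records; it is not code from the article or from HPE. The field names (Operation, UserId, MailboxOwnerUPN, ClientIP, LogonType, CreationTime) follow well-known names from the Microsoft 365 unified audit log, but every event, account, IP address, baseline and threshold below is constructed for illustration.

```python
"""Detection logic over constructed Microsoft 365 mailbox-audit records.

Added example, not code from the original article or from HPE. The record
fields used (Operation, UserId, MailboxOwnerUPN, ClientIP, LogonType,
CreationTime) follow well-known names from the Microsoft 365 unified audit
log, but every event, account, IP address and threshold below is constructed
for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime

# Constructed audit records, one JSON object per line. A service account
# ("svc-archive") reads three other users' mailboxes as a delegate
# (LogonType 2) from an address outside its usual range over roughly six
# weeks; a normal user reads only her own mailbox (LogonType 0).
SAMPLE_LINES = """
{"CreationTime": "2023-05-02T08:10:00", "Operation": "MailItemsAccessed", "UserId": "svc-archive@example.com", "MailboxOwnerUPN": "bob@example.com", "ClientIP": "203.0.113.45", "LogonType": 2}
{"CreationTime": "2023-05-15T13:42:00", "Operation": "MailItemsAccessed", "UserId": "svc-archive@example.com", "MailboxOwnerUPN": "carol@example.com", "ClientIP": "203.0.113.45", "LogonType": 2}
{"CreationTime": "2023-06-11T09:00:00", "Operation": "MailItemsAccessed", "UserId": "svc-archive@example.com", "MailboxOwnerUPN": "dave@example.com", "ClientIP": "203.0.113.45", "LogonType": 2}
{"CreationTime": "2023-05-03T10:05:00", "Operation": "MailItemsAccessed", "UserId": "alice@example.com", "MailboxOwnerUPN": "alice@example.com", "ClientIP": "198.51.100.20", "LogonType": 0}
{"CreationTime": "2023-05-03T10:07:00", "Operation": "Send", "UserId": "alice@example.com", "MailboxOwnerUPN": "alice@example.com", "ClientIP": "198.51.100.20", "LogonType": 0}
"""

# Constructed per-account baseline of source addresses seen in a prior period.
BASELINE_IPS = {
    "svc-archive@example.com": {"198.51.100.10"},
    "alice@example.com": {"198.51.100.20"},
}


def parse_records(text):
    """Parse newline-delimited JSON audit records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_mailbox_sweep(records, baseline_ips, min_mailboxes=3):
    """Flag accounts that read several mailboxes they do not own.

    For each actor we collect the foreign mailboxes it touched, any source
    addresses absent from its baseline, and the span between first and last
    access, which gives a rough dwell-time estimate for the incident report.
    """
    foreign_mailboxes = defaultdict(set)
    unknown_ips = defaultdict(set)
    first_seen, last_seen = {}, {}

    for rec in records:
        if rec.get("Operation") != "MailItemsAccessed":
            continue  # only mailbox read events matter for this rule
        actor = rec["UserId"].lower()
        owner = rec["MailboxOwnerUPN"].lower()
        ts = datetime.fromisoformat(rec["CreationTime"])
        if owner != actor:
            foreign_mailboxes[actor].add(owner)
        if rec["ClientIP"] not in baseline_ips.get(actor, set()):
            unknown_ips[actor].add(rec["ClientIP"])
        first_seen[actor] = min(first_seen.get(actor, ts), ts)
        last_seen[actor] = max(last_seen.get(actor, ts), ts)

    alerts = []
    for actor, owners in foreign_mailboxes.items():
        if len(owners) < min_mailboxes:
            continue
        alerts.append({
            "actor": actor,
            "mailbox_count": len(owners),
            "mailboxes": sorted(owners),
            "unknown_ips": sorted(unknown_ips[actor]),
            "dwell_days": (last_seen[actor] - first_seen[actor]).days,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_mailbox_sweep(parse_records(SAMPLE_LINES), BASELINE_IPS):
        print(json.dumps(alert, indent=2))
```

Two caveats apply in practice. Legitimate delegates (shared mailboxes, assistants, archiving services) will also read mailboxes they do not own, so a real rule needs an allowlist or a per-account baseline of expected delegate relationships rather than a flat threshold. And the MailItemsAccessed event is not guaranteed to be recorded for every tenant or license level; confirm it is actually present in the audit log before relying on a rule built on it.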
The breach also signals that cyberattacks are not just limited to data exfiltration but are becoming part of broader intelligence-gathering efforts by state-sponsored groups. These attackers often use compromised accounts to infiltrate business networks and extract valuable proprietary and personal information, which can be used for espionage, financial gain, or disruption.
Moreover, the link between this breach and the earlier SharePoint server incident demonstrates a concerning trend where multiple attack vectors are exploited in a single attack campaign. It is not just about breaching a single system but taking a more comprehensive approach, targeting different aspects of an organization’s IT infrastructure.
For HPE, this breach is another in a series of incidents that underscore the growing risk faced by global corporations in the current cyber threat landscape. The 2018 breach attributed to Chinese threat actors and the 2021 compromise of Aruba Central show that HPE has long been in the sights of nation-state hackers. These ongoing breaches suggest that the company needs to reassess its cybersecurity posture and bolster its defenses against highly targeted attacks.
The increasing frequency of cyberattacks, particularly from advanced persistent threats (APTs) like Cozy Bear, necessitates a shift in corporate security strategy. Companies must invest in more advanced threat detection, proactive monitoring, and employee training to mitigate the risk posed by these highly sophisticated adversaries. Furthermore, collaboration between private organizations and government agencies is essential in combating the growing threat from state-sponsored actors.
In conclusion, the HPE breach is a clear reminder of the evolving nature of cyberattacks and the persistent risk of targeted nation-state hacking campaigns. As these threats continue to grow, it is crucial for organizations to adopt a more resilient and adaptive cybersecurity framework to safeguard both their internal data and the personal information of their employees.
References:
Reported By: https://www.bleepingcomputer.com/news/security/hpe-notifies-employees-of-data-breach-after-russian-office-365-hack/