Hewlett Packard Enterprise Discloses State-Sponsored Cyberattack on Cloud-Based Email System

ICARO Media Group
News
24/01/2024 22h01

In a recent regulatory filing, Hewlett Packard Enterprise (HPE) announced that its cloud-based email system fell victim to a cyberattack carried out by a state-sponsored actor known as Midnight Blizzard or Cozy Bear. This same Russian intelligence group was also responsible for the notorious SolarWinds hack in 2020 and for gaining unauthorized access to Microsoft executives' emails, a breach revealed by Microsoft last week.

According to HPE, the threat actor managed to infiltrate and extract data starting from May 2023, targeting a small percentage of HPE mailboxes. The compromised accounts belonged to individuals working in various departments, including cybersecurity, go-to-market, business segments, and other functions.

HPE stated that it is currently investigating the incident and suspects a connection to a separate event that took place in June 2023. During that incident, the hackers were able to compromise a limited number of SharePoint files as early as May 2023, as mentioned in the regulatory filing. The company swiftly responded to the June notice by engaging external cybersecurity experts to assist in the investigation, implement containment measures, and undertake necessary remediation actions to eradicate the unauthorized activity. HPE stated that, based on its actions, it concluded that the breach did not have a material impact on the company.

In January, Microsoft disclosed that the same hacking group, known as Nobelium or APT29, had compromised email accounts belonging to high-ranking executives. The revelation further underscores the far-reaching capabilities and persistence of this state-sponsored cyber actor.

HPE's disclosure of this cyberattack highlights the ongoing threats and challenges faced by organizations in safeguarding cloud-based systems. It serves as a reminder of the growing sophistication of state-sponsored actors and the need for continuous vigilance and investment in robust cybersecurity measures.

As this is a developing story, further updates on the investigation and any potential implications will be provided as more information becomes available.

The views expressed in this article do not reflect the opinion of ICARO, or any of its affiliates.
