What just happened? HP is in the news again, though for once it isn't related to the company's ink cartridge DRM. This time, Hewlett Packard Enterprise (HPE), which is an entity separate from the printers and PC business, has admitted that it was hacked by the same Russian group that compromised Microsoft's corporate network for a month last year.
HPE revealed the incident in an SEC regulatory filing. The company reported that on December 12, 2023, it was notified that a threat actor believed to be Midnight Blizzard, also known as the notorious Russian hacking group Cozy Bear or APT29, had gained access to its cloud-based email environment.
The filing goes on to reveal that the threat actor accessed and exfiltrated data beginning in May 2023. It targeted what is said to be a "small percentage" of HPE mailboxes belonging to individuals in its cybersecurity, go-to-market, business segments, and other functions.
HPE says that with assistance from cybersecurity experts, it immediately investigated, contained, and remediated the incident, eradicating the activity.
HPE is still investigating the hack, which it believes is related to earlier activity by Cozy Bear that it became aware of in June 2023. That one involved the threat actor compromising a limited number of SharePoint files, going back to May 2023. The company says it took containment and remediation measures in response to this incident, too, but they obviously didn't work too well.
Not wanting to worry those concerned about the company's bottom line and share price, HPE emphasized that the latest incident is not "reasonably likely to materially impact the Company's financial condition or results of operations."
HPE isn't the only big tech firm to fall victim to Cozy Bear, which is linked to the Russian foreign intelligence service SVR. Microsoft recently identified the group as the likely nation-state attacker that hit its corporate email network in November 2023. The group used a password spray (brute force) attack to compromise a legacy, non-production test account.
HPE's sister company, HP, found itself in another PR quagmire this week when CEO Enrique Lores said that customers who don't use HP's own supplies are a "bad investment" for the company. He also made the questionable claim that HP is protecting customers with its ink cartridge DRM because it's possible to embed viruses into cartridges, something that hackers say has never happened outside of HP-backed tests.