The Kremlin-linked hacking group has been suspected of infiltrating the “Cloud Email Environment” of Hewlett Packard Enterprise to pull back mailbox data. The company stated in a regulatory filing, “The threat actor accessed and pulled out data beginning in May 2023 from a small percentage of HP Enterprise mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions”.
The encroachment has been imputed to the Russian-sponsored hacking group, called APT29. The group is also known by the names BlueBravo, Cloaked Ursa, Midnight Blizzard, and Cozy Bear. This malicious activity was reported after a few days when APT29 breached Microsoft’s corporate systems in November 2023 to sneak emails & attachments into the company's cybersecurity & legal departments.
HP Enterprise said it came to know about the data leak in December 2023. This means that the hackers infiltrated the network 6+ months ago. It also noted that the attack is possibly connected to a previous security event, which involved illegal access to limited SharePoint files as of May 2023. The malicious activity was alerted to the company in June 2023.
However, HP Enterprise emphasized that the incident didn’t make any material impact on the company's operations. The company didn’t disclose the plate of the cyber attack and the exact stolen information. Apart from this, APT29 has been behind some high-profile malicious activities in recent years, including the attack on the Democratic National Committee in 2016.