Late on Wednesday, Hewlett Packard Enterprise (HPE), a major cloud computing provider, reported a cyberattack by a suspected Russian intelligence team, marking the second such incident involving a significant U.S. internet company this month. In a Securities and Exchange Commission (SEC) filing, HPE revealed that it was notified on January 12 of a breach that led to the theft of emails from its cybersecurity employees and others.
This disclosure follows a similar report from Microsoft last Friday, where the company stated in an SEC filing that it lost senior executive emails and those of security professionals. Microsoft indicated that the hackers seemed to be seeking information on what Microsoft knew about them.
HPE did not disclose how the attack was discovered but mentioned that the intruders initially entered its systems in May 2023, extracting data from a “small percentage” of overall Office 365 mailboxes, primarily from departments such as cybersecurity and marketing.
Both HPE and Microsoft have a substantial number of government and defense customers, and both attributed the intrusions to a group linked with Russia’s SVR foreign intelligence service, which was also responsible for the extensive 2020 SolarWinds breach affecting federal agencies.
Chris Krebs, Chief Intelligence Officer at SentinelOne and former head of cybersecurity at the Department of Homeland Security, noted that HPE’s broad influence, coupled with the recent announcement of the Juniper Networks acquisition, makes it an attractive target. HPE had disclosed its plan to spend $14 billion on acquiring Juniper Networks.
The SEC filings from both tech companies come in the wake of tightened rules regarding the disclosure of hacking incidents. While the impact on their finances is yet undetermined, the filings emphasize the cautious approach taken by the companies. Both HPE and Microsoft are collaborating with law enforcement and conducting ongoing investigations into the incidents.
U.S. intelligence officials have not provided an immediate response to requests for comments on the matter.