Info@NationalCyberSecurity
Info@NationalCyberSecurity

HP reports Russian December hack, but no ‘material impact’ | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker


Hewlett Packard revealed in an SEC regulatory filing that Russian hackers had gained access to HP’s cloud-based email environment, but said it had no material impact on the company’s operations. File Photo by Terry Schmitt/UPI | License Photo

Jan. 25 (UPI) — Hewlett Packard has been hacked by the same Russian hackers that hit Microsoft earlier this month, according to a regulatory filing with the U.S. Securities and Exchange Commission.

The Jan. 19 filing said, “On Dec.12, 2023, Hewlett Packard Enterprise Company was notified that a suspected nation-state actor, believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear, had gained unauthorized access to HPE’s cloud-based email environment. The Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity.”

HP said the hack started in May 2023 but “has not had a material impact on the company’s operations.”

HP said it had not determined that the hacking is reasonably likely to materially impact the company’s financial condition or results of operation.

The filing said HP has notified and is cooperating with law enforcement and said the company will make notifications as appropriate based on what an ongoing investigation finds.

Microsoft said Jan. 20 that the same Russian hacking group had gained access to the email accounts of company senior leaders in a cyberattack detected Jan. 12.

According to Microsoft, the hacking attack was ended Jan. 13.

That hack used a “password spray attack” — an automated effort using commonly used passwords, but gained access to a very small percentage of Microsoft email accounts, according to the company.

HP said the Russian hackers gained “unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023.”

“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” HP said in the SEC filing.

——————————————————–


Click Here For The Original Story From This Source.

National Cyber Security

FREE
VIEW