Breach taxonomy
Summary
Beginning as early as May 2023, a nation-state actor identified as Midnight Blizzard (Cozy Bear/SVR) gained unauthorized access to HPE's cloud-based email environment and exfiltrated data from a small percentage of HPE mailboxes in cybersecurity, go-to-market, and business segment functions. The activity was likely related to an earlier June 2023 breach involving unauthorized access to and exfiltration of a limited number of SharePoint files. HPE was notified of the email environment compromise on December 12, 2023, and immediately activated its incident response process to investigate, contain, and remediate the activity.
Tagging rationale
Threat: Nation State
Filing explicitly identifies the actor as Midnight Blizzard, described as a state-sponsored actor also known as Cozy Bear.
Methods: Data Exfil
Filing confirms the actor accessed and exfiltrated data from email mailboxes and a limited number of SharePoint files; no initial attack vector is described.