Jan 25, 2024NewsroomCyber Attack / Data Breach

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data.

“The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company said in a regulatory filing with the U.S. Securities and Exchange Commission (SEC).

The intrusion has been attributed to the Russian state-sponsored group known as APT29, and which is also tracked under the monikers BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes.

The disclosure arrives days after Microsoft implicated the same threat actor to the breach of its corporate systems in late November 2023 to steal emails and attachments from senior executives and other individuals in the company’s cybersecurity and legal departments.

HPE said it was notified of the incident on December 12, 2023, meaning that the threat actors persisted within its network undetected for more than six months.

It also noted that attack is likely connected to a prior security event, also attributed to APT29, which involved unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023. It was alerted of the malicious activity in June 2023.

HPE, however, emphasized that the incident has not had any material impact on its operations to date. The company did not disclose the scale of the attack and the exact email information that was accessed.

APT29, assessed to be part of Russia’s Foreign Intelligence Service (SVR), has been behind some high-profile hacks in recent years, including the 2016 attack on the Democratic National Committee and the 2020 SolarWinds supply chain compromise.

Jan 05, 2024NewsroomCyber Attack / Data Breach

Ukrainian cybersecurity authorities have disclosed that the Russian state-sponsored threat actor known as Sandworm was inside telecom operator Kyivstar’s systems at least since May 2023.

The development was first reported by Reuters.

The incident, described as a “powerful hacker attack,” first came to light last month, knocking out access to mobile and internet services for millions of customers. Soon after the incident, a Russia-linked hacking group called Solntsepyok took responsibility for the breach.

Solntsepyok has been assessed to be a Russian threat group with affiliations to the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), which also operates Sandworm.

The advanced persistent threat (APT) actor has a track record of orchestrating disruptive cyber attacks, with Denmark accusing the hacking outfit of targeting 22 energy sector companies last year.

Illia Vitiuk, head of the Security Service of Ukraine’s (SBU) cybersecurity department, said the attack against Kyivstar wiped out nearly everything from thousands of virtual servers and computers.

The incident, he said, “completely destroyed the core of a telecoms operator,” noting the attackers had full access likely at least since November, months after obtaining an initial foothold into the company’s infrastructure.

“The attack had been carefully prepared during many months,” Vitiuk said in a statement shared on the SBU’s website.

Kyivstar, which has since restored its operations, said there is no evidence that the personal data of subscribers has been compromised. It’s currently not known how the threat actor penetrated its network.

It’s worth noting that the company had previously dismissed speculations about the attackers destroying its computers and servers as “fake.”

The disclosure comes as the SBU revealed earlier this week that it took down two online surveillance cameras that were allegedly hacked by Russian intelligence agencies to spy on the defense forces and critical infrastructure in the capital city of Kyiv.

The agency said the compromise allowed the adversary to gain remote control of the cameras, adjust their viewing angles, and connect them to YouTube to capture “all visual information in the range of the camera.”