Hewlett Packard employees caught out in suspected Russian hack

Just prior to the HPE attack, Cozy Bear has been targeting Microsoft 365 accounts in various attempts to exfiltrate sensitive data.

US federal agencies warned hackers were targeting the business sector using malware that can lead to ransomware attacks - © AFP

Hewlett Packard Enterprise (HPE) has disclosed details about a suspected state-backed Russian hack, where cybercriminals broke into its cloud-based email system and extracted data from cybersecurity personnel and other employees.

HPE believes the hackers were from Cozy Bear, a unit of Russia’s SVR foreign intelligence service. Cozy Bear is classified by the U.S. federal government as the advanced persistent threat group APT29.

Just prior to the HPE attack, Cozy Bear had been targeting Microsoft 365 accounts in various attempts to exfiltrate sensitive data, according to Bugcrowd.

As the news around HPE’s hack continues to unfold, Ariel Parnes, former Head of the Israeli Intelligence Service Cyber Department, winner of the Israel Defense Prize for tech innovations in the cyber field, and COO and Co-Founder at Mitiga, the cloud and SaaS incident response leader, has explained to Digital Journal what the implications of the attack are.

Parnes says that such an attack exposes weaknesses with cyber defence systems, and this is something all firms should learn from: “This recent security incident at Hewlett Packard Enterprise underscores the imperative for organizations to prioritize the collection and analysis of security logs.”

In terms of concrete measures, Parnes calls out: “Specifically, through the lens of unified audit logs within the M365 ecosystem, these logs are instrumental in providing insights into user activities and potential malicious actions. The importance of promptly detecting and responding to such incidents is highlighted by the HPE case, where unified audit logs were probably used in revealing unauthorized access to sensitive SharePoint files and manipulations within mailboxes.”

There is something important that all firms should practice: “Retaining these logs over an extended period equips organizations with the ability to retroactively investigate incidents, aiding in identifying the entry point and duration of a threat actor’s presence.”

This ties in with the specifics of the recent incident: “In the face of persistent Business Email Compromise (BEC) threats, the HPE incident and other significant M365 BEC instances serve as a stark reminder that threat actors can infiltrate systems and operate undetected for an extended duration. Continuous BEC threat hunts, fuelled by the analysis of unified audit logs, empower organizations to proactively search for indicators of compromise, facilitating the discovery and neutralization of potential threats before they escalate.”
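To make the two points above concrete (unified audit logs revealing mailbox manipulation and SharePoint file access, and continuous BEC hunts run over those logs), here is an added example of a small hunt script. It is not code from HPE, Mitiga or Digital Journal. It reads a JSON-lines export of Microsoft 365 unified audit log records, flags inbox rules that forward or hide mail, and flags users who download many SharePoint files in a short window. The field names (Operation, UserId, ClientIP, Workload, ObjectId, Parameters) follow the shape of exported UAL records; every record, user, IP address and URL in the sample is constructed for the example, and the thresholds are assumptions to tune against your own baseline.

```python
"""Hunt over Microsoft 365 unified audit log (UAL) records for mailbox
manipulation and bulk SharePoint downloads. Sample data is constructed."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _rec(time, op, user, ip, workload, **extra):
    """Build one UAL-shaped record (constructed sample, not a real export)."""
    return {"CreationTime": time, "Operation": op, "UserId": user,
            "ClientIP": ip, "Workload": workload, **extra}


# Constructed sample: one benign login, two suspicious inbox rules, one
# benign inbox rule, a burst of downloads by one user, one lone download.
SAMPLE_RECORDS = [
    _rec("2024-01-10T08:02:11", "UserLoggedIn", "alice@example.test",
         "203.0.113.7", "AzureActiveDirectory"),
    _rec("2024-01-10T08:05:40", "New-InboxRule", "alice@example.test",
         "203.0.113.7", "Exchange",
         Parameters=[{"Name": "Name", "Value": "."},
                     {"Name": "DeleteMessage", "Value": "True"},
                     {"Name": "SubjectContainsWords", "Value": "security;password"}]),
    _rec("2024-01-10T08:07:02", "Set-InboxRule", "bob@example.test",
         "198.51.100.23", "Exchange",
         Parameters=[{"Name": "ForwardTo", "Value": "mailbox@external-domain.test"}]),
    _rec("2024-01-10T09:30:00", "New-InboxRule", "carol@example.test",
         "192.0.2.5", "Exchange",
         Parameters=[{"Name": "Name", "Value": "Newsletters"},
                     {"Name": "MoveToFolder", "Value": "Newsletters"}]),
] + [
    _rec(f"2024-01-10T08:1{i}:00", "FileDownloaded", "alice@example.test",
         "203.0.113.7", "SharePoint",
         ObjectId=f"https://example.test/sites/security/doc{i}.docx")
    for i in range(8)
] + [
    _rec("2024-01-10T14:00:00", "FileDownloaded", "carol@example.test",
         "192.0.2.5", "SharePoint",
         ObjectId="https://example.test/sites/hr/handbook.pdf"),
]
# JSON lines, one record per line, as an exported audit log is often stored.
SAMPLE_UAL = "\n".join(json.dumps(r) for r in SAMPLE_RECORDS)

# Rule parameters that send mail out of the mailbox or make it disappear.
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
# Folders attackers commonly use to park hidden mail (assumed list).
DUMP_FOLDERS = {"RSS Feeds", "RSS Subscriptions", "Conversation History",
                "Junk Email", "Deleted Items", "Archive"}


def parse_ual(text):
    """Parse a JSON-lines export into a list of record dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def _params(record):
    """Flatten the UAL Parameters list into a name -> value dict."""
    return {p["Name"]: str(p["Value"]) for p in record.get("Parameters", [])}


def suspicious_inbox_rules(records):
    """Return findings for inbox rules that forward, delete or hide mail."""
    findings = []
    for r in records:
        if r.get("Workload") != "Exchange":
            continue
        if r.get("Operation") not in {"New-InboxRule", "Set-InboxRule"}:
            continue
        p = _params(r)
        reasons = []
        if FORWARD_PARAMS & p.keys():
            reasons.append("forwards mail outside the mailbox")
        if p.get("DeleteMessage", "").lower() == "true":
            reasons.append("deletes matching mail")
        if p.get("MoveToFolder") in DUMP_FOLDERS:
            reasons.append("moves mail to " + p["MoveToFolder"])
        if reasons:
            findings.append({"user": r["UserId"], "ip": r.get("ClientIP"),
                             "time": r["CreationTime"],
                             "operation": r["Operation"], "reasons": reasons})
    return findings


def bulk_downloads(records, threshold=5, window=timedelta(minutes=10)):
    """Flag users with more than `threshold` SharePoint downloads inside any
    sliding `window`; both values are assumed and should be baselined."""
    per_user = defaultdict(list)
    for r in records:
        if r.get("Workload") == "SharePoint" and r.get("Operation") == "FileDownloaded":
            per_user[r["UserId"]].append(datetime.fromisoformat(r["CreationTime"]))
    findings = []
    for user, times in per_user.items():
        recent, peak = deque(), 0
        for t in sorted(times):
            recent.append(t)
            while t - recent[0] > window:
                recent.popleft()
            peak = max(peak, len(recent))
        if peak > threshold:
            findings.append({"user": user, "downloads_in_window": peak})
    return findings


def hunt(text):
    """Run both hunts over a JSON-lines UAL export and return the findings."""
    records = parse_ual(text)
    return {"inbox_rules": suspicious_inbox_rules(records),
            "bulk_downloads": bulk_downloads(records)}


if __name__ == "__main__":
    print(json.dumps(hunt(SAMPLE_UAL), indent=2))
```

On the sample, the two inbox rules that delete or forward mail are reported together with the client IP that created them, which is the pivot an investigator would use to find other activity from the same source, while the "Newsletters" rule is left alone; the burst of eight downloads is reported for one user only. Both hunts only work if the logs are still there, which is the retention point made above.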

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
