Russian state-sponsored hackers linked to APT29, also known as BlueBravo and Cozy Bear, infiltrated Hewlett Packard Enterprise's (HPE) cloud email environment, exfiltrating mailbox data from a small percentage of HPE mailboxes over a six-month period. The attack, attributed to the Russian Foreign Intelligence Service (SVR), is suspected to be connected to a prior security event involving unauthorized access to SharePoint files. HPE stated that the incident has not materially impacted its operations, and the exact scale and nature of the accessed email information were not disclosed.
Okta has revealed that the October 2023 breach of its support case management system had a broader impact than initially reported. The threat actor downloaded the names and email addresses of all Okta customer support system users, affecting all Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers except those in separate support systems. Additionally, reports containing contact information of Okta certified users, some CIC customers, and unspecified employee information were accessed. However, no user credentials or sensitive personal data were compromised. Okta has notified customers of potential phishing risks and implemented new security features. The identity of the threat actors is unknown, but a cybercrime group called Scattered Spider has targeted Okta in the past.
