// UNCLASSIFIED // CLEARED FOR PUBLIC RELEASE //
FILE BRC-newsDTG 0600Z
ColdRecon / Breach Radar / Hewlett Packard Enterprise
Breach Record

Hewlett Packard Enterprise

DISCLOSED 2023-05-01 · STOLEN CREDS

Hewlett Packard Enterprise is sending breach notifications related to a 2023 attack by the Russian state-sponsored group Midnight Blizzard. The attackers accessed a small percentage of HPE mailboxes using compromised credentials. Exposed data may include personal information contained in emails.

The record

What we know

Disclosed
2023-05-01
Attack vector
Stolen Creds
Sector
Technology
Country
US
Domain
hpe.com
Data classes exposed
email
ColdRecon assessment

Could a positive-security control have prevented this?

Verdict · no · opinion

The attack involved compromised email accounts through stolen credentials, not unauthorized changes to system state that a positive-security model would detect. Allowlisting would not prevent credential-based access to cloud email.

Our assessments are opinion, grounded in the cited public facts. Read them critically.

Sources

Cited reporting

Similar vector · recent

Other stolen creds breaches on file

This page is the permanent ColdRecon entry for the Hewlett Packard Enterprise disclosure. It updates if new public reporting emerges. All tracked breaches →

Hewlett Packard Enterprise just lived through this. Your next prospect doesn't have to.

ColdRecon turns every disclosed breach into a daily intelligence brief from the seller's seat — normalized to the factors that move a deal, written in the Handler's voice. Request clearance and the first lands tomorrow at 0600.

Request Clearance →