Hewlett Packard Enterprise announced on Wednesday that its cloud-based email system had been compromised by the notorious hacking group, Midnight Blizzard. The group, believed to be sponsored by the Russian government, has been linked to high-profile attacks, including the recent breach of Microsoft’s corporate network.
In a filing with the U.S. Securities and Exchange Commission, HPE revealed that it was alerted to the breach on December 12, 2023. Midnight Blizzard, also known as APT29 or Cozy Bear, had successfully breached HPE’s cloud-based email environment.
HPE spokesperson, Adam R. Bauer, confirmed that the group had accessed and exfiltrated data from a small percentage of HPE mailboxes starting in May 2023. “The sophisticated attackers leveraged a compromised account to access internal HPE email boxes in our Office 365 email environment,” said Bauer in an interview with TechCrunch.
The company’s internal investigation determined that the attack was likely related to a previous incident in 2023, where Midnight Blizzard had exfiltrated a limited number of SharePoint files from HPE’s network. According to HPE’s SEC filing, the company learned of this incident in June of last year.
Bauer clarified that HPE has not yet determined the exact number of mailboxes that were accessed but stated that they primarily belonged to individuals in HPE’s cybersecurity, go-to-market, and business teams. He assured that the accessed data was limited to information contained in the users’ mailboxes and that the investigation is ongoing.
“We continue to investigate and will make appropriate notifications as required.”
Last week, Microsoft disclosed that Midnight Blizzard hackers had successfully breached some corporate email accounts, including those belonging to the company’s senior leadership team and employees in cybersecurity, legal, and other functions. According to the tech giant, the hacking group used a password spray attack – trying the same password on multiple accounts – to access targeted email accounts containing information related to Midnight Blizzard itself.
It is currently unknown if the HPE and Microsoft incidents are linked. Bauer stated, “We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time.” He also added that HPE does not anticipate a material impact on its business as a result of the breach.
Takeaway: Yet another major corporation falls victim to Midnight Blizzard, a group that seems to have no shortage of targets in their sight. The extent of the damage is still unknown, but this latest attack highlights the ongoing need for robust cybersecurity measures in today’s digital landscape.
