Russian Group Linked to Microsoft Email Breach Confirmed as Hacker in HPE Attack

Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network. Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government. HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023. “The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch. “We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch.

Hewlett Packard Enterprise has announced that its cloud-based email system has been breached by Midnight Blizzard, a notorious hacking group with ties to the Russian government. The enterprise tech giant was informed of the breach on December 12, 2023 and has since launched an internal investigation.

The sophisticated attackers, known as Midnight Blizzard or APT29, gained access to our Office 365 email environment through a compromised account.

This attack is just one in a string of high-profile breaches linked to Midnight Blizzard, including the infamous SolarWinds attack in 2020 and the 2016 breach of the Democratic National Committee. HPE confirmed that the group was able to exfiltrate data from a small percentage of HPE mailboxes starting in May 2023.

  1. HPE spokesperson, Adam R. Bauer, stated that the accessed data is limited to information contained in the users’ mailboxes.
  2. The company has not yet determined the exact number of affected mailboxes, but stated that they primarily belonged to individuals in HPE’s cybersecurity, go-to-market, and business teams.
  3. Bauer assured that the company is continuing to investigate the incident and will notify those affected as necessary.

This recent attack seems to be connected to a previous breach in May 2023, where Midnight Blizzard accessed “a limited number” of SharePoint files from HPE’s network. The company only became aware of this incident in June of last year.

We are working closely with the appropriate authorities and taking necessary steps to secure our systems and prevent future attacks.

News of this breach comes just days after Microsoft revealed that the same hacking group had breached several corporate email accounts, including those of high-level employees in their cybersecurity and legal departments.

It is believed that Midnight Blizzard used a password spray attack to gain access to these targeted email accounts, with a particular focus on information related to the group itself.

HPE is currently unable to confirm if there is a direct connection between their incident and the one at Microsoft. However, the company has stated that they do not expect this breach to have a significant impact on their business operations.

As the investigation continues, it is evident that companies must remain vigilant in their cybersecurity measures to protect against the persistent threats of hacking groups like Midnight Blizzard.

Avatar photo
Zara Khan

Zara Khan is a seasoned investigative journalist with a focus on social justice issues. She has won numerous awards for her groundbreaking reporting and has a reputation for fearlessly exposing wrongdoing.

Articles: 847

2 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *