Hewlett Packard Enterprise stated on Wednesday that its cloud-based e mail system was compromised by Midnight Blizzard, a Russia-linked hacking group that not too long ago broke into Microsoft’s company community.
In a submitting with the U.S. Securities and Change Fee, the enterprise tech big stated it was notified on December 12 that Midnight Blizzard, also called APT29 or Cozy Bear, had breached its cloud-based e mail setting.
Midnight Blizzard is a infamous hacking group that’s extensively believed to be sponsored by the Russian authorities. It has been linked to quite a few high-profile assaults, together with the notorious SolarWinds assault in 2020 and the 2016 breach of the Democratic Nationwide Committee.
HPE stated an inside investigation has since decided that the Russia-backed hacking group “accessed and exfiltrated information” from a “small share” of HPE mailboxes beginning in Might 2023. HPE spokesperson Adam R. Bauer instructed TechCrunch that the “refined” attackers “leveraged a compromised account to entry inside HPE e mail containers in our Workplace 365 e mail setting.”
The corporate stated in its SEC submitting that the breach is probably going associated to an earlier Midnight Blizzard assault that noticed the group exfiltrate “a restricted variety of SharePoint information” from HP’s community in Might 2023, an incident the corporate realized about in June final yr.
Bauer stated the corporate hasn’t but decided what number of mailboxes had been accessed however stated they predominantly belonged to people in HPE’s cybersecurity, go-to-market, and enterprise groups. “The accessed information is proscribed to info contained within the customers’ mailboxes,” Bauer instructed TechCrunch. “We proceed to analyze and can make applicable notifications as required.”
Information of the HPE breach comes simply days after Microsoft disclosed that Midnight Blizzard hackers had breached some company e mail accounts, together with these of the corporate’s “senior management group and workers in our cybersecurity, authorized, and different features.” In keeping with the tech big, the hacking group used a password spray assault – the place a nasty actor tries the identical password on a number of accounts – on a legacy account to entry focused e mail accounts containing info associated to Midnight Blizzard itself.
It’s not but recognized whether or not the HPE and Microsoft incidents are linked.
“We don’t have the small print of the incident that Microsoft skilled and disclosed final week, so we’re unable to hyperlink the 2 right now,” Bauer instructed TechCrunch. He added that HPE doesn’t count on the incident to have a cloth influence on its enterprise.
