On Wednesday, HPE announced that the hacking group Midnight Blizzard, which has ties to Russia, had gained access to its cloud-based email system. This group had previously breached Microsoft’s corporate network.
Midnight Blizzard, also known as APT29 or Cozy Bear, compromised the business software giant’s cloud-based email system, according to a filing with the US Securities and Exchange Commission. The breach was discovered on December 12, the document stated.
Midnight Blizzard is widely believed to be sponsored by the Russian government. The group has been associated with the 2016 hack of the Democratic National Committee and the SolarWinds attack in 2020, among other high-profile incidents.
The hacking organization with ties to Russia “accessed and exfiltrated data” from a “small percentage” of HPE mails beginning in May 2023, according to HPE’s internal investigation. The “sophisticated” attackers “leveraged a compromised account to access internal HPE email boxes in our Office 365 email environment,” according to HPE spokesman Adam R. Bauer, who talked with .
The company stated in its SEC filing that the breach is most likely related to a prior Midnight Blizzard attack that took place in May 2023 and that the company discovered in June of the previous year. In that attack, the gang stole “a limited number of SharePoint files” from HPE’s network.
According to Bauer, the number of mails that were accessed is still unknown, but it was mostly personnel from the cybersecurity, go-to-market, and business teams at HPE that were affected. Information included in users’ emails is the extent of the accessible data, according to Bauer’s statement to . “We are actively looking into the matter and will notify you accordingly when necessary.”
News of the HPE breach follows Microsoft’s recent disclosure that Midnight Blizzard hackers had compromised some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” In that incident, the hackers gained access to the email accounts using a password spray attack, which the software giant describes as “where a bad actor tries the same password on multiple accounts.” The breach began with a legacy account.
The relationship between the HPE and Microsoft incidents is not yet clear.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told Reuters. He said that HPE doesn’t expect the incident to have a major effect on its business.