HPE says it was hacked by Russian group behind Microsoft email breach


Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.

In a filing with the U.S. Securities and Exchange Commission, the enterprise tech giant said it was notified on December 12 that Midnight Blizzard, also known as APT29 or Cozy Bear, had breached its cloud-based email environment.

Midnight Blizzard is a notorious hacking group that’s widely believed to be sponsored by the Russian government. It has been linked to a number of high-profile attacks, including the infamous SolarWinds attack in 2020 and the 2016 breach of the Democratic National Committee.

HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes beginning in May 2023. HPE spokesperson Adam R. Bauer told TechCrunch that the “sophisticated” attackers “leveraged a compromised account to access internal HPE email boxes in our Office 365 email environment.”

The company said in its SEC filing that the breach is likely related to an earlier Midnight Blizzard attack that saw the group exfiltrate “a limited number of SharePoint files” from HP’s network in May 2023, an incident the company learned about in June last year.

Bauer said the company hasn’t yet determined how many mailboxes were accessed but said they predominantly belonged to individuals in HPE’s cybersecurity, go-to-market, and business teams. “The accessed data is limited to information contained in the users’ mailboxes,” Bauer told TechCrunch. “We continue to investigate and will make appropriate notifications as required.”

News of the HPE breach comes just days after Microsoft disclosed that Midnight Blizzard hackers had breached some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” According to the tech giant, the hacking group used a password spray attack – where a bad actor tries the same password on multiple accounts – on a legacy account to access targeted email accounts containing information related to Midnight Blizzard itself.

It’s not yet known whether the HPE and Microsoft incidents are linked.

“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told TechCrunch. He added that HPE doesn’t expect the incident to have a material impact on its business.