Hewlett Packard Enterprise (HPE) disclosed in the present day that suspected Russian hackers referred to as Midnight Blizzard gained entry to the corporate’s Microsoft Workplace 365 e mail atmosphere to steal information from its cybersecurity workforce and different departments.
Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, is a Russian state-sponsored hacking group believed to be a part of Russia’s Overseas Intelligence Service (SVR). The menace actors have been linked to a number of assaults all year long, together with the notorious 2020 SolarWinds provide chain assault.
In a brand new Type 8-Ok SEC submitting, HPE says they have been notified on December twelfth that the suspected Russian hackers breached their cloud-based e mail atmosphere in Might 2023.
“Primarily based on our investigation, we now consider that the menace actor accessed and exfiltrated information starting in Might 2023 from a small proportion of HPE mailboxes belonging to people in our cybersecurity, go-to-market, enterprise segments, and different features,” reads the SEC submitting.
HPE says they’re nonetheless investigating the breach however consider it’s associated to a earlier breach in Might 2023, when menace actors gained entry to the corporate’s SharePoint server and stole recordsdata.
The corporate continues to work with exterior cybersecurity consultants and regulation enforcement to research the incident.
In response to additional questions in regards to the breach, HPE shared the next assertion with BleepingComputer.
“On December 12, 2023, HPE was notified {that a} suspected nation-state actor had gained unauthorized entry to the corporate’s Workplace 365 e mail atmosphere. HPE instantly activated cyber response protocols to start an investigation, remediate the incident, and eradicate the exercise. By that investigation, which stays ongoing, we decided that this nation-state actor accessed and exfiltrated information starting in Might 2023 from a small proportion of HPE mailboxes belonging to people in our cybersecurity, go-to-market, enterprise segments, and different features. We consider the nation-state actor is Midnight Blizzard, also called Cozy Bear.
The accessed information is proscribed to data contained within the customers’ mailboxes. We proceed to research and can make acceptable notifications as required.
Out of an abundance of warning and a need to adjust to the spirit of latest regulatory disclosure tips, now we have filed a kind 8-Ok with the Securities & Trade Fee to inform that physique, and traders, about this incident. That mentioned, there was no operational influence on our enterprise and, thus far, now we have not decided that this incident is prone to have a cloth monetary influence.”
Whereas HPE has not supplied any additional particulars, Microsoft not too long ago reported a safety breach by Midnight Blizzard that additionally concerned information theft from the corporate’s company e mail accounts, together with its management workforce.
Microsoft’s breach was attributable to a misconfigured take a look at tenant account that allowed the menace actors to brute drive the account’s password and log in to their programs.
Utilizing this entry, Midnight Blizzard gained entry to company e mail accounts to steal information from Microsoft’s senior management workforce and workers in its cybersecurity and authorized departments.
HPE advised BleepingComputer that they have no idea if its incident is expounded to Microsoft’s.
The corporate was beforehand breached in 2018 when Chinese language hackers breached it is and IBM’s community after which used that entry to hack into their clients’ gadgets.
Extra not too long ago, in 2021, HPE disclosed that the info repositories for its Aruba Central community monitoring platform have been compromised, permitting a menace actor to entry information about monitored gadgets and their areas.
