Hewlett Packard Enterprise (HPE) revealed today that data belonging to its cybersecurity team and other departments was stolen by suspected Russian hackers known as Midnight Blizzard, who obtained access to the company’s Microsoft Office 365 email system.
Midnight Blizzard is a state-sponsored hacking group from Russia that also goes by the names Cozy Bear, APT29, and Nobelium. It is thought to be affiliated with the country’s Foreign Intelligence Service (SVR). Throughout the year, the threat actors have been connected to several attacks, including the notorious 2020 SolarWinds supply chain attack.
According to a recent Form 8-K SEC filing, HPE was informed on December 12th that the suspected Russian hackers had compromised its cloud-based email system in May 2023. “Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” reads the SEC filing.
HPE says it is still looking into the incident, but it thinks the breach is connected to one that happened in May 2023, when threat actors broke into the company’s SharePoint server and took material.
The company is still looking into the situation with the help of law enforcement and outside cybersecurity specialists. BleepingComputer received a comment from HPE in response to additional inquiries on the issue.
Statement by HPE – Hewlett Packard Enterprise
“On December 12, 2023, HPE was notified that a suspected nation-state actor had gained unauthorized access to the company’s Office 365 email environment. HPE immediately activated cyber response protocols to begin an investigation, remediate the incident, and eradicate the activity. Through that investigation, which remains ongoing, we determined that this nation-state actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions. We believe the nation-state actor is Midnight Blizzard, also known as Cozy Bear.
The accessed data is limited to information contained in the users’ mailboxes. We continue to investigate and will make appropriate notifications as required. Out of an abundance of caution and a desire to comply with the spirit of new regulatory disclosure guidelines, we have filed a form 8-K with the Securities & Exchange Commission to notify that body, and investors, about this incident. That said, there has been no operational impact on our business and, to date, we have not determined that this incident is likely to have a material financial impact.”
Midnight Blizzard was the source of a security breach
HPE has not released any additional information; however, Microsoft recently revealed that Midnight Blizzard was the source of a security breach that also included data theft from the company’s business email accounts, including accounts belonging to its executive team.
Microsoft’s breach stemmed from an improperly configured test tenant account, whose password the threat actors were able to brute force to gain access to the company’s systems. By using this access, Midnight Blizzard was able to get into corporate email accounts and steal information from senior Microsoft executives as well as staff members working in the company’s legal and cybersecurity divisions. HPE told BleepingComputer that it is unsure whether its incident is connected to Microsoft’s.
HPE was previously compromised in 2018, when Chinese hackers gained access to its network and IBM’s in order to compromise the devices of their clients. In 2021, HPE revealed that a threat actor had gained access to information regarding the locations and characteristics of monitored devices due to a breach in the data repositories of its Aruba Central network monitoring product.
By: Gursharan Kaur