In a significant cybersecurity development, Hewlett Packard Enterprise (HPE) revealed a breach in its cloud-based email system perpetrated by Midnight Blizzard, a hacking group with alleged Russian ties, also known for the recent Microsoft corporate network intrusion.
The enterprise tech giant disclosed in a U.S. Securities and Exchange Commission filing that it was alerted on December 12 to the breach by Midnight Blizzard, alternatively known as APT29 or Cozy Bear. This group has gained notoriety for its involvement in several high-stakes cyberattacks, including the Democratic National Committee breach in 2016 and the SolarWinds attack in 2019.
HPE’s internal investigation has uncovered that the Russia-linked hackers accessed and exfiltrated data from a modest portion of HPE mailboxes, beginning in May 2023. Adam R. Bauer, an HPE spokesperson, stated that the attackers utilized a compromised account to infiltrate HPE’s Office 365 email environment.
The recent breach is believed to be connected to a previous Midnight Blizzard attack in May 2023, during which the group extracted a limited number of SharePoint files from HPE’s network. This earlier incident came to light in June 2023.
Bauer mentioned that the extent of mailbox access remains undetermined, but it predominantly affected individuals from HPE’s cybersecurity, go-to-market, and business teams. The compromised data was confined to the contents of these users’ mailboxes. The company is actively investigating and will issue necessary notifications in compliance with regulatory requirements.
This disclosure follows closely on the heels of Microsoft’s admission that Midnight Blizzard breached some of their corporate email accounts, including those of senior leadership and employees in cybersecurity, legal, and other critical departments. The tech giant indicated that the hacking group executed a password spray attack, using a common password across multiple accounts, to gain entry into specific email accounts containing information about Midnight Blizzard.
The connection, if any, between the HPE and Microsoft incidents remains unclear. Bauer remarked, “We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time.” He also reassured that the breach is not expected to materially impact HPE’s business operations.
The breach of HPE’s cloud email system by Midnight Blizzard highlights the ongoing challenges and threats posed by sophisticated cyberattacks, especially those linked to state-sponsored actors. It underscores the critical importance of robust cybersecurity measures and vigilance in the ever-evolving digital landscape, where even the most secure systems can be vulnerable to determined and skilled cyber adversaries. As HPE continues its investigation into this breach, the incident serves as a stark reminder of the persistent threat of cyberattacks in our increasingly interconnected world.