The HPE hack was attributed to a group of suspected Russian hackers known as Midnight Blizzard, also referred to as Cozy Bear, APT29, and Nobelium.
Hewlett Packard Enterprise (HPE) has reported that it experienced a security breach in its Microsoft Office 365 email environment. The breach was attributed to a group of suspected Russian hackers known as Midnight Blizzard, also referred to as Cozy Bear, APT29, and Nobelium.
Midnight Blizzard is believed to be linked to Russia’s Foreign Intelligence Service (SVR). HPE was alerted to the breach on December 12th, 2023, and it was discovered that the hackers had gained unauthorized access to the company’s cloud-based email system in May of the same year.
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” reads the SEC filing.
HPE Hacked and Ongoing Investigations Point to a Previous Related Incident
HPE is still investigating the breach. It suspects that the breach may be connected to a previous incident in May 2023, during which unauthorized individuals accessed HPE’s SharePoint server and pilfered files.
To aid in their investigation, HPE is collaborating with external cybersecurity experts and law enforcement authorities.
“Through that investigation, which remains ongoing, we determined that this nation-state actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions. We believe the nation-state actor is Midnight Blizzard, also known as Cozy Bear.
The accessed data is limited to information contained in the users’ mailboxes. We continue to investigate and will make appropriate notifications as required,” HPE said in a statement.
Hewlett Packard Enterprise Hack Tracks Similarities with Midnight Blizzard Hack on Microsoft
The firm has not given additional specifics regarding the HPE hack. However, Microsoft recently disclosed a security incident involving Midnight Blizzard, which resulted in data theft from its corporate email accounts, including those of its leadership team.
Microsoft’s breach occurred due to a misconfigured test tenant account, enabling the threat actors to carry out a brute force attack and gain unauthorized access to their systems.
After infiltrating Microsoft’s systems, Midnight Blizzard targeted the corporate email accounts of Microsoft’s senior leadership team, as well as employees in the cybersecurity and legal departments. HPE has stated that it is uncertain whether its incident is connected to Microsoft’s breach.
It is worth noting that HPE experienced a previous breach in 2018, where Chinese hackers gained unauthorized access to their network and used it as a stepping stone to compromise their customers’ devices, as well as IBM’s network.