Hewlett Packard Enterprise (HPE) disclosed right now that suspected Russian hackers often known as Midnight Blizzard gained entry to the corporate’s Microsoft Office 365 e-mail atmosphere to steal knowledge from its cybersecurity staff and different departments.
Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, is a Russian state-sponsored hacking group believed to be a part of Russia’s Foreign Intelligence Service (SVR). The menace actors have been linked to a number of assaults all year long, together with the notorious 2020 SolarWinds provide chain assault.
In a brand new Form 8-Ok SEC submitting, HPE says they have been notified on December twelfth that the suspected Russian hackers breached their cloud-based e-mail atmosphere in May 2023.
“Based on our investigation, we now consider that the menace actor accessed and exfiltrated knowledge starting in May 2023 from a small proportion of HPE mailboxes belonging to people in our cybersecurity, go-to-market, enterprise segments, and different capabilities,” reads the SEC submitting.
HPE says they’re nonetheless investigating the breach however consider it’s associated to a earlier breach in May 2023, when menace actors gained entry to the corporate’s SharePoint server and stole information.
The firm continues to work with exterior cybersecurity consultants and legislation enforcement to research the incident.
In response to additional questions in regards to the breach, HPE shared the next assertion with BleepingComputer.
The accessed knowledge is restricted to data contained within the customers’ mailboxes. We proceed to research and can make acceptable notifications as required.
Out of an abundance of warning and a want to adjust to the spirit of latest regulatory disclosure tips, we’ve got filed a kind 8-Ok with the Securities & Exchange Commission to inform that physique, and traders, about this incident. That stated, there was no operational affect on our enterprise and, thus far, we’ve got not decided that this incident is more likely to have a fabric monetary affect.”
While HPE has not supplied any additional particulars, Microsoft not too long ago reported a safety breach by Midnight Blizzard that additionally concerned knowledge theft from the corporate’s company e-mail accounts, together with its management staff.
Microsoft’s breach was brought on by a misconfigured check tenant account that allowed the menace actors to brute pressure the account’s password and log in to their techniques.
Using this entry, Midnight Blizzard gained entry to company e-mail accounts to steal knowledge from Microsoft’s senior management staff and staff in its cybersecurity and authorized departments.
HPE informed BleepingComputer that they have no idea if its incident is expounded to Microsoft’s.
The firm was beforehand breached in 2018 when Chinese hackers breached its and IBM’s community after which used that entry to hack into their prospects’ units.
More not too long ago, in 2021, HPE disclosed that the info repositories for its Aruba Central community monitoring platform have been compromised, permitting a menace actor to entry knowledge about monitored units and their areas.