Midnight Blizzard claims another big tech victim with HPE hack just days after Microsoft breach - and more could be coming
Microsoft has warned Midnight Blizzard may have hacked a raft of other organizations in addition to itself and HPE, and has begun warning potential victims


Midnight Blizzard, the Russian-linked hacker group behind a recent high-profile breach at Microsoft, also breached HPE, the company confirmed this week – and more victims are expected to emerge in the coming days.
HPE confirmed the group began accessing and exfiltrating data from the firm as far back as May 2023, accessing a “small percentage of HPE mailboxes”.
The tech giant said the affected mailboxes belonged largely to staff working in its cyber security, go-to-market, and business segments.
With assistance from external cyber security experts, HPE has reportedly activated its response process to “investigate, contain, and remediate the incident.”
This breach comes in the wake of several high-profile attacks by the threat actor group, which also goes by the names APT29 and Cozy Bear.
Most recently, Midnight Blizzard conducted a sneak-and-peek reconnaissance attack on Microsoft with the intention of finding out what the firm knew about it. As with the attack on HPE, corporate emails and company documents were exfiltrated by the group.
Back in 2019, SolarWinds suffered at the hands of Midnight Blizzard in a hack that had far-reaching consequences for several US governmental bodies, including the Department of Commerce and the Treasury.
This isn't HPE’s first run-in with Midnight Blizzard, either. Recent SEC filings state that this current attack is likely related to an earlier attack by the group in June 2023.
In a previously undisclosed breach, Midnight Blizzard gained unauthorized access to several SharePoint files on the HPE system, though HPE determined that it hadn’t materially impacted the company.
Further to this current attack, HPE claims to be cooperating with law enforcement while also assessing its regulatory notification obligations.
Though the full extent of the attack is unclear, HPE seems confident that the incident is not “likely to materially impact the company’s financial condition or results of operations.”
More Midnight Blizzard victims could be coming
Just a week after revealing it had fallen prey to Midnight Blizzard, Microsoft has now revealed that its investigation into the attack shows more victims could be coming.
In a blog post on January 25, the tech giant concluded it was not the sole target of the group, and that it has been “targeting other organizations” operating in the global technology sector.
While Microsoft did not disclose who appears to have been targeted, the company said it has begun notifying those potentially at risk or exposed to the group.
“Using the information gained from Microsoft’s investigation into Midnight Blizzard, Microsoft Threat Intelligence has identified that the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations,” Microsoft said.
“It’s important to note that this investigation is still ongoing, and we will continue to provide details as appropriate.”
Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest, said the Microsoft and HPE attacks highlight the significant threats technology companies face from state-backed threat groups, many of whom are technically proficient and highly aggressive.
“The latest incident affecting HPE — which follows a recent intrusion made against Microsoft — serves as a reminder of the significant risk facing technology companies from nation-state aligned threats,” he said.
“The attack, which has been attributed to Russian-aligned threat group Cozy Bear (Aka Midnight Blizzard, APT29), highlights the ongoing struggle to stay one step ahead of attackers, who are agile, well resourced, and technically sophisticated.”

George Fitzmaurice is a former Staff Writer at ITPro and ChannelPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.