Midnight Blizzard, the Russian-linked hacker group behind a recent high-profile breach at Microsoft, also breached HPE, the company confirmed this week – and more victims are expected to emerge in the coming days.
HPE confirmed the group began accessing and exfiltrating data from the firm as far back as May 2023, accessing a “small percentage of HPE mailboxes”.
The tech giant said the affected mailboxes belonged largely to staff working in its cyber security, go-to-market, and business segments.
With assistance from external cyber security experts, HPE has reportedly activated its response process to “investigate, contain, and remediate the incident.”
This breach comes in the wake of several high-profile attacks by the threat actor group, which also goes by the names APT29 and Cozy Bear.
Most recently, Midnight Blizzard conducted a sneak-and-peek reconnaissance attack on Microsoft with the intention of finding out what the firm knew about it. As with the attack on HPE, corporate emails and company documents were exfiltrated by the group.
Back in 2019, SolarWinds suffered at the hands of Midnight Blizzard in a hack which had far-reaching consequences on several US governmental bodies, including the department of commerce and the treasury.
This isn't HPE’s first run in with Midnight Blizzard, either. Recent SEC filings state that this current attack is likely related to an earlier attack by the group in June 2023.
In a previously undisclosed breach, Midnight Blizzard gained unauthorized access to several SharePoint files on the HPE system, though HPE determined that it hadn’t materially impacted the company.
Further to this current attack, HPE claims to be cooperating with law enforcement while also assessing its regulatory notification obligations.
Though the full extent of the attack is unclear, HPE seems confident that the incident is not “likely to materially impact the company’s financial condition or results of operations.”
More Midnight Blizzard victims could be coming
Just a week after revealing it had fallen prey to Midnight Blizzard, Microsoft has now revealed an investigation into the attack shows more victims could be coming.
In a blog post on January 25, the tech giant concluded it was not the sole target of the group, and that it has been “targeting other organizations” operating in the global technology sector.
While Microsoft did not disclose who appears to have been targeted, the company said it has begun notifying those potentially at risk or exposed to the group.
“Using the information gained from Microsoft’s investigation into Midnight Blizzard, Microsoft Threat Intelligence has identified that the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations,” Microsoft said.
RELATED RESOURCE
Discover a data center revitalization strategy that will help you dominate
It’s important to note that this investigation is still ongoing, and we will continue to provide details as appropriate.
Chis Morgan, senior cyber threat intelligence analyst at ReliaQuest, said the Microsoft and HPE attacks highlight the significant threats technology companies face from state-backed threat groups, many of whom are technically proficient and highly aggressive.
“The latest incident affecting HPE — which follows a recent intrusion made against Microsoft — serves as a reminder of the significant risk facing technology companies from nation-state aligned threats,” he said.
“The attack, which has been attributed to Russian-aligned threat group Cozy Bear (Aka Midnight Blizzard, APT29), highlights the ongoing struggle to stay one step ahead of attackers, who are agile, well resourced, and technically sophisticated.”
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
CISA just published crucial new guidance on keeping Microsoft Exchange servers secureNews With a spate of attacks against Microsoft Exchange in recent years, CISA and the NSA have published crucial new guidance for organizations to shore up defenses.
-
CISA issues alert after botched Windows Server patch exposes critical flawNews A critical remote code execution flaw in Windows Server is being exploited in the wild, despite a previous 'fix'
-
Microsoft issues warning over “opportunistic” cyber criminals targeting big businessNews Microsoft has called on governments to do more to support organizations
-
A terrifying Microsoft flaw could’ve allowed hackers to compromise ‘every Entra ID tenant in the world’News The Entra ID vulnerability could have allowed full access to virtually all Azure customer accounts
-
Microsoft and Cloudflare just took down a major phishing operationNews RaccoonO365’s phishing as a service platform has risen to prominence via Telegram
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malwareNews Researchers say the tool is already achieving the “gold standard” in malware classification
-
Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)News Researchers found an unauthenticated path traversal bug in the tool debuted at Microsoft Build in May
-
NCSC says ‘limited number’ of UK firms affected by SharePoint attack as global impact spreadsNews The SharePoint flaw has already had a wide impact according to reports from government security agencies
