Hewlett Packard Enterprise disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.
Midnight Blizzard, aka Cozy Bear, APT29, and Nobelium, is a Russian state-sponsored hacking group believed to be part of Russia's Foreign Intelligence Service.
The threat actors have been linked to multiple attacks over the years, including the infamous 2020 SolarWinds supply chain attack.
In a new Form 8-K SEC filing, HPE says they were notified on December 12th that the suspected Russian hackers breached their cloud-based email environment in May 2023.
HPE says they are still investigating the breach but believe it is related to a previous breach in May 2023, when threat actors gained access to the company's SharePoint server and stole files.
The company continues to work with external cybersecurity experts and law enforcement to investigate the incident.
In response to further questions about the breach, HPE shared the following statement with BleepingComputer:
"The accessed data is limited to information contained in the users' mailboxes.
We continue to investigate and will make appropriate notifications as required."
While HPE has not provided any further details, Microsoft recently reported a security breach by Midnight Blizzard that also involved data theft from the company's corporate email accounts, including those of its leadership team.
Microsoft's breach was caused by a misconfigured test tenant account that allowed the threat actors to brute force the account's password and log in to Microsoft's systems.
From this foothold, Midnight Blizzard accessed corporate email accounts and stole data from Microsoft's senior leadership team and employees in its cybersecurity and legal departments.
HPE told BleepingComputer that it does not know whether its incident is related to Microsoft's.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 24 Jan 2024 21:50:36 +0000