Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was breached by Midnight Blizzard, a hacking group linked to Russia that recently broke into Microsoft’s corporate network.
In a filing with the US Securities and Exchange Commission, the tech giant said it was informed on December 12 that Midnight Blizzard, also known as APT29 or Cozy Bear, had breached its cloud-based email environment.
Midnight Blizzard is a notorious hacking group widely believed to be sponsored by the Russian government. The group has been linked to a number of high-profile cyberattacks, including the 2016 breach of the Democratic National Committee and the 2019 attack on SolarWinds.
HPE said an internal investigation has since shown that the Russian-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023. HPE spokesman Adam R. Bauer told TechCrunch that the attackers “leveraged a compromised account to access internal HPE mailboxes in the Office 365 email environment.”
The company said in its SEC filing that the breach is likely related to an earlier Midnight Blizzard attack that saw the group exfiltrate “a limited number of SharePoint files” from HPE’s network in May 2023, an incident the company learned of in June 2023.
Bauer said the company has not yet determined how many mailboxes were accessed, but said they primarily belonged to people in HPE’s cybersecurity, go-to-market and business teams. “Access data is limited to information contained in users’ mailboxes,” Bauer told TechCrunch. “We are continuing to investigate and will make appropriate notifications as necessary.”
News of the HPE breach comes just days after Microsoft revealed that Midnight Blizzard hackers had breached a number of corporate email accounts, including those of the company’s “senior leadership team and employees in the field of cybersecurity, legal and other functions.” According to the tech giant, the hacking group used a password spray attack — where a bad actor tries the same password on multiple accounts — on a legacy account to access targeted email accounts containing information related to Midnight Blizzard itself.
It is not yet known if the HPE and Microsoft incidents are connected.
“We don’t have details about the incident that Microsoft experienced and disclosed last week, so we’re not able to connect the two at this time,” Bauer told TechCrunch. He added that HPE does not expect the incident to have a significant impact on its operations.