HPE’s SEC Alert: Office 365 Breached by Midnight Blizzard Hackers
At the outset of this week, Microsoft disclosed that its corporate email system had been compromised by the Russian-speaking hacker collective known as Midnight Blizzard (also recognized as Nobelium, APT29, and Cozy Bear), wherein the intruders maintained access to the system for over a month. Subsequently, Hewlett Packard Enterprise (HPE) has also reported a similar assault, likewise falling victim to the machinations of APT29.
In a notification submitted to the U.S. Securities and Exchange Commission (SEC), HPE revealed that hackers from Midnight Blizzard had infiltrated its Microsoft Office 365 corporate email environment with the intent of exfiltrating information from cybersecurity professionals as well as other company employees.
HPE announced that on December 12, 2023, it became aware that its cloud email had been breached by hackers as early as May 2023.
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the document states.
While HPE acknowledges that the investigation into the incident is not yet complete, the company suspects that the attack is related to a previous compromise that also occurred in May 2023. During that time, the perpetrators accessed the company’s SharePoint server and pilfered files.
The statement also notes that the stolen information was confined solely to the data contained within the email boxes of affected users. However, the specifics of what might have fallen into the hackers’ hands remain unspecified.
Representatives from HPE have informed the media that it is unknown whether this incident is related to the recent Microsoft compromise.
It is worth recalling that malefactors penetrated Microsoft’s email environment in November 2023, following a successful password spray brute force attack (an attempt using previously compromised or commonly used passwords) and gained access to a test account of an old non-production tenant.
The hackers remained within the system for more than a month, compromising the emails of Microsoft executives, legal department staff, and cybersecurity experts.