Microsoft and Hewlett Packard Enterprise (HPE) both recently disclosed that their corporate emails were compromised by Russian “Midnight Blizzard” hackers.
The group has ties to the Kremlin’s SVR foreign intelligence service, and in particular to the SVR’s APT 29 Cozy Bear, a gang that had a finger in the pie in the 2016 U.S. presidential election, has for years engaged in aggressive espionage against both governments and businesses around the world, and was behind the infamous 2021 SolarWinds supply chain attack. While the HP and Microsoft breaches came to light within days of each other, the situation largely illustrates the ongoing reality of Midnight Blizzard’s international espionage and its efforts to find weaknesses in organizations’ digital defenses.
“We should not be surprised that Russian intelligence-backed threat actors, particularly SVR, are targeting technology companies such as Microsoft and HPE. For an organization of this size, it would be a much bigger problem to learn that they are not. Surprise,” said Jake Williams, a former NSA hacker and current faculty member at the Applied Cybersecurity Institute.
Hewlett Packard Enterprise said in a U.S. Securities and Exchange Commission submission released Wednesday that Midnight Blizzard gained access to its “cloud-based email environment” last year. The company was first informed of the situation on December 12, 2023, but said the attack began in May 2023. The hackers “accessed and stole data… Data from a small number of HPE mailboxes belonging to individuals in our cybersecurity, marketing, business units and other functions was compromised,” the company wrote in its SEC filing. HP Enterprise stated that this leak may be the result of another incident, discovered in June 2023, in which Midnight Blizzard began to access and steal the company’s “SharePoint” files as early as May 2023. SharePoint is a purpose-built cloud collaboration platform from Microsoft that is integrated with Microsoft 365.
“The information that was accessed was limited to information contained in HPE user emails,” Hewlett Packard Enterprise spokesman Adam Bauer told Wired in a statement. “We will continue to investigate and analyze these emails to determine what information may have been accessed, and will take appropriate measures and notify as required.”
At the same time, Microsoft explained on Friday that it detected a system intrusion on January 12 related to a breach in November 2023. The attackers targeted and compromised a number of historic Microsoft system test accounts, which then allowed them to access “a small set of Microsoft business email accounts, including members of our senior leadership team and employees in our cybersecurity, legal and other functions.” From there, the group stole “a number of emails and attachments.” Microsoft noted in its disclosure that the attackers appeared to be seeking information about Microsoft’s investigations into, and knowledge of, Midnight Blizzard itself.
“This attack was not the result of a vulnerability in a Microsoft product or service. To date, there is no evidence that the threat actor had access to customer environments, production systems, source code, or artificial intelligence systems,” the company wrote in its statement. “This attack really highlights the ongoing risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.”