Thu | Jan 25, 2024 | 3:17 PM PST

Technology company Hewlett Packard Enterprise (HPE) disclosed this week that suspected Russian state-sponsored hackers compromised its cloud email system and accessed employee mailboxes for months before detection.

In a regulatory filing with the SEC on December 12, 2023, HPE reported that threat actors believed to be the notorious hacking group Midnight Blizzard gained unauthorized entry into the company's Office 365 cloud email accounts. Midnight Blizzard, also known as APT29 or Cozy Bear, has been blamed for past attacks against the U.S. Democratic National Committee in 2016 and for the sweeping SolarWinds campaign.

Based on an initial investigation with help from external cybersecurity experts, HPE believes the hackers infiltrated the mailboxes of select employees in functions such as cybersecurity, business operations, and marketing, beginning as far back as May 2023. The company is still working to determine the full scope of access and data stolen.

The incident is considered an advanced, stealthy attack by a patient and skilled adversary. HPE admitted detection only came in December, meaning the hackers maintained unrestricted access to email communications and attachments for more than six months.

While the link is not confirmed, HPE noted similarities between this attack and previous suspicious activity in June 2023 that was later attributed to the same Midnight Blizzard group. In that incident, which is also believed to have started in May, documents were exfiltrated from HPE's SharePoint document system.

HPE states it took swift action to eliminate the immediate threat and continues to investigate alongside law enforcement. The company said it does not currently believe the breach has materially impacted business operations or financials. Mandatory regulatory disclosures related to compromised personal information will be made accordingly.

The disclosure comes on the heels of Microsoft also revealing it was hacked by the Midnight Blizzard group in late 2023, as the advanced persistent threat continues to target major enterprises across sectors.

Piyush Pandey, CEO at Pathlock, discussed Midnight Blizzard with SecureWorld News:

"The selection of targets like Microsoft and HPE appears to align with the broader objectives often associated with state-sponsored espionage: intelligence collection, cybersecurity defense probing and manipulation, and potentially laying the groundwork for future operations. These companies are central to the IT infrastructure of many organizations, including government agencies, which makes them valuable targets."

HPE's breach notification underscores the serious challenges facing companies in keeping determined, expert-backed hacking groups from infiltrating sensitive systems and remaining undetected over lengthy periods.
