SecurityWeek

HPE Says Russian Government Hackers Had Access to Emails for 6 Months

HPE told the SEC that Russian state-sponsored threat group Midnight Blizzard had access to an email system for several months.

Hewlett Packard Enterprise (HPE) revealed in an SEC filing on Wednesday that its cloud email environment was targeted by hackers believed to be sponsored by the Russian government.

The company said it was notified on December 12 that a threat group known as Midnight Blizzard and Cozy Bear had hacked into its cloud-based email environment.

HPE said it kicked out the attackers, but its investigation revealed that the threat actor gained access to its systems and started exfiltrating data in May 2023. The hackers targeted “a small percentage of HPE mailboxes” used by staff in cybersecurity, go-to-market, business segments, and other departments.

“While our investigation of this incident and its scope remains ongoing, the Company now understands this incident is likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023,” HPE said. “Following the notice in June, we immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity.”

The company does not expect the incident to have a material impact. Public companies are now required to disclose any material breach to the SEC within four business days of discovering that the incident has a material impact.

Microsoft reported last week that the Midnight Blizzard group had hacked into its corporate network and stolen emails and attachments from senior executives, as well as from cybersecurity and legal department staff.

The hackers had used a password spray attack to compromise a legacy non-production test tenant account, and then leveraged that account’s permissions to access corporate emails. The tech giant said the attack was launched in late November 2023 and detected on January 12, 2024, and it impacted a “very small percentage” of email accounts.

It’s unclear if Microsoft and HPE were targeted as part of the same or separate campaigns.

Midnight Blizzard is a cyberespionage-focused group also known as APT29, Cozy Bear, The Dukes, Nobelium, and Yttrium, and it’s one of the most active and most sophisticated threat actors linked to the Russian government. It has been blamed for the 2020 SolarWinds attack and other high-profile attacks.

Several government agencies reported in December that the cyberspy group had been exploiting a TeamCity vulnerability on a large scale.

In August, Microsoft warned that the group had been abusing its Teams chat app to phish for credentials at targeted organizations.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
