An Intrusion in the Cloud: HPE’s Email System Compromised
Hewlett Packard Enterprise (HPE), a titan in the realm of enterprise technology, encountered a formidable cyber threat when its cloud-based email service fell victim to Midnight Blizzard. This infamous hacking collective, linked to Russia, has previously infiltrated Microsoft’s corporate network, showcasing its dangerous capabilities.
The Disclosure to the SEC: A Dark December Revelation
On December 12th, HPE made a startling revelation in a filing with the U.S. Securities and Exchange Commission. The enterprise behemoth acknowledged that Midnight Blizzard, also known as APT29 or Cozy Bear, had successfully penetrated its cloud-based email environment.
The Infamous Midnight Blizzard: A Shadow of Russian Sponsorship
Renowned for its prowess in cyber espionage, Midnight Blizzard is widely suspected of operating under Russian governmental sponsorship. Its digital fingerprints have been identified in numerous major cyber incursions. Notably, the group orchestrated the 2016 Democratic National Committee breach and the infamous SolarWinds attack in 2019.
HPE’s Internal Investigation: Uncovering the Breach’s Depth
Following a meticulous internal probe, HPE disclosed a disturbing find. Since May 2023, the Russia-aligned cyber marauders had infiltrated and extracted data from a “small percentage” of HPE’s email accounts. Adam R. Bauer, HPE’s spokesperson, shared with TechCrunch that the attackers exploited a compromised account to gain entry into HPE’s Office 365 email system.
Tracing the Digital Footprints: Linking to a Previous Assault
In its SEC filing, HPE suggested that this breach might be intertwined with a prior Midnight Blizzard onslaught. In May 2023, the group had pilfered “a limited number of SharePoint files” from HPE’s network. This earlier incident only came to light in June 2023.
The Scope of the Compromise: Bauer’s Insights
Adam R. Bauer revealed that the exact number of affected mailboxes remains undetermined. However, the breach predominantly impacted individuals in pivotal departments – cybersecurity, go-to-market, and business units. Bauer emphasized that the compromised data was confined to the content within these mailboxes. He assured that investigations were ongoing and that necessary notifications would be made in due course.
The Broader Context: Microsoft’s Confrontation with Midnight Blizzard
This unsettling news from HPE surfaced merely days after Microsoft disclosed a similar breach. Midnight Blizzard had infiltrated corporate email accounts belonging to Microsoft’s upper echelon, including its cybersecurity and legal teams. The hackers employed a ‘password spray attack’ on a legacy account, targeting emails containing information about Midnight Blizzard itself.
Unraveling the Connection: HPE and Microsoft Incidents
As of now, any direct link between the HPE and Microsoft breaches remains shrouded in uncertainty. “We lack the details of Microsoft’s incident, so connecting the two is currently not feasible,” Bauer stated to TechCrunch. He further added that HPE doesn’t foresee this incident having a significant impact on its business operations.
Dimitris is an Information Technology and Cybersecurity professional with more than 20 years of experience in designing, building and maintaining efficient and secure IT infrastructures.
Among other credentials, he holds CISSP, CISA, CISM, ITIL, COBIT and PRINCE2 certifications, but his wide set of knowledge and technical management capabilities goes beyond these certifications. He likes acquiring new skills in penetration testing, cloud technologies, virtualization, network security, IoT and many more.