In a recent cyber offensive, Hewlett Packard Enterprise (HPE) became a target of state-affiliated Russian hackers, adding to the growing list of state-sponsored cyber espionage incidents that continue to trouble the tech industry. HPE disclosed this security breach in a recent securities filing, shedding light on the events that transpired on December 12, 2023.
The group behind this attack, linked to Russian state interests, is the same entity that compromised several Microsoft email accounts earlier in the same month, a stark reminder of its audacity and the sophistication of its tactics. HPE states that the breach had a limited impact, affecting a small percentage of HPE mailboxes belonging to individuals in its cybersecurity, go-to-market and business-segment teams, as well as other functions.
In response to the breach, HPE acted swiftly, initiating a comprehensive response process that encompassed a thorough investigation into the incident, containment efforts, and subsequent remediation actions, effectively eliminating the malicious activity. The group believed to be behind the attack is commonly referred to as “Midnight Blizzard,” and it is alleged to have connections to Russia’s foreign intelligence service.
Midnight Blizzard, also recognized as APT29 within certain cybersecurity circles, gained infamy in 2020 when it leveraged compromised software from the US tech company SolarWinds to infiltrate numerous US government agencies and access the emails of high-ranking agency officials. This highly sophisticated espionage campaign spanned over a year and prompted significant adjustments to how the US government defends its networks against cyber threats.
Since then, this Russian hacking group has continued its operations, with a primary focus on infiltrating government agencies in the US and Europe. Their recent breach of HPE, primarily targeting cloud computing networks, serves as evidence of their expertise in this domain. It’s worth noting that the FBI has been closely monitoring their attempts to compromise cloud environments since as far back as 2018, recognizing it as a tactic aimed at concealing their tracks.
Additionally, HPE disclosed that the December breach was related to a prior incident in May, in which the same hacking group stole some of its SharePoint files. In response to the May breach, HPE likewise conducted an investigation and implemented containment and remediation measures to keep the impact on the company to a minimum.
Notably, Microsoft also fell victim to this Russian hacking group, with the attackers employing a relatively straightforward technique known as “password spraying” to breach corporate email accounts. This incident has brought Microsoft’s security practices under scrutiny, with a senior US National Security Agency official expressing disappointment at the use of such a basic method in today’s complex cybersecurity landscape.
These breaches underscore the fact that major tech corporations like Microsoft and HPE remain attractive targets for state-sponsored hackers. Consequently, these companies must continually reinforce their security measures to safeguard their networks and sensitive data from highly skilled threat actors.
This latest breach follows a separate alleged Chinese hacking incident targeting Microsoft last year, which compromised the email accounts of senior US officials. It highlights the ongoing and persistent nature of cyber threats that loom over tech giants in today’s digital age.