The Russian hackers who recently broke into Microsoft also managed to infiltrate another major IT company: Hewlett Packard Enterprise. HPE today reported that a notorious state-sponsored hacking group called Midnight Blizzard, or Cozy Bear, breached the company’s email systems. HPE first uncovered the attack on Dec. 12, but the culprits may have had access for months.
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company said in a filing with the Securities and Exchange Commission.
It’s unclear how the attackers gained access. But it looks like the Russian hackers targeted HPE on multiple fronts. In the filing, the company noted: “this incident is likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023.” In response, HPE has been working with law enforcement and external cybersecurity experts to address the hack.
The breach bears some similarities to how Cozy Bear targeted Microsoft. Last week, Redmond revealed that state-sponsored hackers breached Microsoft systems to access the corporate emails from senior leaders and employees in its “cybersecurity, legal, and other functions.”
In Microsoft’s case, the Russian hackers broke in by plugging in numerous passwords to hijack a “legacy non-production test tenant,” as a jumping-off point to access corporate email accounts. However, the company added: “The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems. We will notify customers if any action is required.”
The US alleges Cozy Bear, also known as APT29, operates with the backing of the Russian government. The group gained notoriety in 2016 for hacking the Democratic National Committee’s servers. In 2020, Cozy Bear was also implicated in the SolarWinds hack, which allowed Russian hackers to spy on several US government agencies.