Hewlett Packard Enterprise (HPE) reported on Wednesday that its cloud-based email system was breached by the Russia-linked hacking group Midnight Blizzard, also known as APT29 or Cozy Bear. The group is also suspected of recently infiltrating Microsoft’s corporate network.
In a report filed with the U.S. Securities and Exchange Commission, HPE announced that it had been alerted to the breach of its cloud-based email system on December 12. Notable past cyber attacks attributed to Midnight Blizzard include the 2016 Democratic National Committee breach and the 2019 SolarWinds attack.
Following internal investigations, HPE confirmed that the Russian-backed hacking group accessed and extracted data from a small fraction of HPE mailboxes starting in May 2023. HPE representatives explained that the hackers utilised a compromised account to gain access to the internal HPE mailboxes.
HPE believes that the breach is connected to a previous Midnight Blizzard attack in May 2023 that resulted in the exfiltration of a limited number of SharePoint files from the HPE network. The extent of the most recent breach is still under investigation, but HPE confirmed that the impacted mailboxes mostly belonged to individuals in HPE’s cybersecurity, go-to-market, and business teams.
The announcement of the HPE breach comes on the heels of Microsoft’s recent disclosure that Midnight Blizzard had infiltrated several corporate email accounts. It remains unclear if the breaches suffered by Microsoft and HPE are connected. HPE stated that the incident should not have any significant impact on the company’s business.