HPE says Russian Midnight Blizzard hackers hit security team emails
A “small percentage” of email inboxes were accessed
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Russian state-sponsored threat actors known as MidnightBlizzardbreached HPE’s IT systems late last year and stole sensitive data from its employees’ email inboxes.
HPE confirmed the news in a new 8-K submission with the U.S. Securities and Exchange Commission (SEC). As per the filing, the company spotted the attack on December 12 and moved in to investigate and remedy the incident.
The investigation uncovered that since May 2023, Midnight Blizzard (also known as Cozy Bear, or Nobelium) had access to “a small percentage” of HPE’s cloud-based email inboxes. BleepingComputer reports that HPE uses theMicrosoft365productivitysuite.
No material impact
The inboxes belong to HPE employees working in cybersecurity, go-to-market, business, and other segments.
HPE further explained that the incident is “likely related” to an earlier attack, of which the company was made aware in June last year. In that attack, Midnight Blizzard was accessing and pulling SharePoint flies from the company.
That being said, HPE doesn’t believe the attack will have a material impact on the company, or that it will disrupt its operations.
“Upon undertaking such actions, we determined that such activity did not materially impact the Company,” HPE said in the filing. “As of the date of this filing, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
The police have been notified, HPE concluded, adding it is currently assessing its regulatory notification obligations.
Nobelium seems to have had a busy end to the year in 2023, as roughly at the same time, it also managed to break into Microsoft. Earlier this week, the Redmond giant announced email accounts belonging to highly-positioned individuals having been breached by the same threat actor. The emails belong to senior leadership, as well as those working in cybersecurity and legal departments.
ViaBleepingComputer
More from TechRadar Pro
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
