Sarah Travers
In a recent cybersecurity incident, Hewlett Packard Enterprise (HPE) fell prey to the actions of a state-affiliated Russian hacking group, marking yet another occurrence of state-sponsored cyber espionage causing concerns within the tech industry. HPE officially disclosed this breach in a securities filing last week, offering insights into the breach that unfolded on December 12, 2023.
The Russian hacking outfit responsible for this attack is the same group that earlier compromised select Microsoft email accounts within the same month, highlighting their boldness and advanced tactics. HPE has assured that the damage resulting from the breach was contained and limited, affecting a small percentage of HPE mailboxes, particularly those belonging to individuals in their cybersecurity, go-to-market, business segments, and other functions.
HPE acted promptly to address the breach, activating its well-practiced response procedures, which involved a comprehensive investigation, containment strategies, and subsequent remediation efforts that successfully eliminated the malicious activity. The group believed to be behind the attack is commonly referred to as “Midnight Blizzard,” and it is alleged to have ties to Russia’s foreign intelligence service.
Midnight Blizzard, also known as APT29 in some cybersecurity circles, first gained notoriety in 2020 by leveraging compromised software from the US tech firm SolarWinds to infiltrate various US government agencies and access the emails of high-ranking agency officials. This sophisticated spying campaign persisted for over a year, resulting in substantial adjustments to how the US government safeguards its networks against cyber threats.
Since then, this Russian hacking group has continued its espionage efforts, with a specific focus on infiltrating government agencies in the US and Europe. Their recent breach of HPE, which primarily targeted cloud computing networks, underscores their expertise in this domain. Notably, the FBI has been monitoring their activities aimed at compromising cloud environments as far back as 2018, recognizing it as a tactic aimed at concealing their tracks.
Furthermore, HPE revealed that the December breach had a connection to a previous incident in May, wherein the same hacking group pilfered some of its SharePoint files. In response to the May breach, HPE promptly conducted an investigation and implemented containment and remediation measures to ensure it had a minimal impact on the organization.
The Russian hacking group also targeted Microsoft, utilizing a relatively straightforward technique known as “password spraying” to breach corporate email accounts. This incident has drawn attention to Microsoft’s security practices, with a senior US National Security Agency official expressing disappointment at the use of such a basic method in today’s complex cybersecurity landscape.
These incidents serve as a stark reminder that major tech corporations like Microsoft and HPE remain alluring targets for state-sponsored hackers. Consequently, these companies must continually fortify their security measures to safeguard their networks and sensitive data from highly skilled threat actors.
This latest breach comes on the heels of a separate alleged Chinese hacking attempt against Microsoft last year, compromising the email accounts of senior US officials. It underscores the relentless and persistent nature of cyber threats that loom over tech giants in today’s digital age.
