Hewlett Packard Enterprise said on Wednesday that its cloud-based email system was compromised by Midnight Blizzard, a Russia-linked hacking group that recently broke into Microsoft’s corporate network.
In a filing with the U.S. Securities and Exchange Commission, the enterprise tech giant said it was notified on December 12 that Midnight Blizzard, also known as APT29 or Cozy Bear, had breached its cloud-based email environment.
Midnight Blizzard is a notorious hacking group that is widely believed to be sponsored by the Russian government. It has been linked to a number of high-profile attacks, including the infamous SolarWinds attack in 2020 and the 2016 breach of the Democratic National Committee.
HPE said an internal investigation has since determined that the Russia-backed hacking group “accessed and exfiltrated data” from a “small percentage” of HPE mailboxes starting in May 2023. HPE spokesperson Adam R. Bauer told CityandCoffee that the “sophisticated” attackers “leveraged a compromised account to access internal HPE email boxes in our Office 365 email environment.”
The company said in its SEC filing that the breach is likely related to an earlier Midnight Blizzard attack that saw the group exfiltrate “a limited number of SharePoint files” from HP’s network in May 2023, an incident the company learned about in June last year.
Bauer said the company hasn’t yet determined how many mailboxes were accessed but said they predominantly belonged to individuals in HPE’s cybersecurity, go-to-market, and business teams. “The accessed data is limited to information contained in the users’ mailboxes,” Bauer told CityandCoffee. “We continue to investigate and will make appropriate notifications as required.”
News of the HPE breach comes just days after Microsoft disclosed that Midnight Blizzard hackers had breached some corporate email accounts, including those of the company’s “senior leadership team and employees in our cybersecurity, legal, and other functions.” According to the tech giant, the hacking group used a password spray attack – where a bad actor tries the same password on multiple accounts – on a legacy account to access targeted email accounts containing information related to Midnight Blizzard itself.
It’s not yet known whether the HPE and Microsoft incidents are linked.
“We don’t have the details of the incident that Microsoft experienced and disclosed last week, so we’re unable to link the two at this time,” Bauer told CityandCoffee. He added that HPE doesn’t expect the incident to have a material impact on its business.