Hewlett Packard Enterprise (HPE) revealed last week that its cloud-based email systems had been breached by a Russian hacking group. The breach, which occurred on December 12, 2023, affected a small percentage of HPE mailboxes belonging to individuals in cybersecurity, go-to-market, business segments, and other functions.
HPE confirmed the breach in a securities filing and stated that with the help of external cybersecurity experts, the company immediately activated its response process to investigate, contain, and remediate the incident, eradicating the activity. The company suspects that the group responsible for the breach, known as “Midnight Blizzard,” was also behind a previous breach and theft of some SharePoint files in May.
The Russian hacking group, also known as APT29, has gained a reputation for being one of the stealthiest and most advanced cyber espionage groups in the world and is believed to have links to Russia’s foreign intelligence service. In 2020, the group used compromised software from US tech firm SolarWinds to break into multiple US government agencies, leading to a major shakeup in the US government’s cybersecurity defenses.
Since then, the group has continued its efforts to infiltrate US and European government agencies through software providers. According to observations by the FBI, the group has targeted cloud computing environments as a tactic to cover its tracks.
HPE’s investigation of the December hacking incident found that it was linked to an earlier breach and theft of SharePoint files by the same group in May. Despite these incidents, HPE stated that it has not determined the breach to be reasonably likely to materially impact the company’s financial condition or results of operations.
This breach comes in the wake of a similar incident involving Microsoft, where the same Russian hacking group accessed a small number of its corporate email accounts, including those belonging to some senior leaders. The Russian hackers used a relatively rudimentary technique known as password spraying to breach the email accounts of Microsoft executives.
The latest breach has added to the scrutiny facing Microsoft’s security practices, with US lawmakers and federal officials expressing concern over the company’s ability to defend against state-backed hackers. Microsoft was also at the center of an alleged Chinese hack last year, where hackers broke into the email accounts of senior US officials.
A senior US National Security Agency official expressed disappointment that Russian hackers were able to breach Microsoft using password spraying in the present day. The official noted that big tech firms like Microsoft are likely to be repeated targets of state-backed hackers and must prepare accordingly.
In response to the recent breaches, tech firms like HPE and Microsoft will need to bolster their cybersecurity measures to prevent future attacks from state-backed hacking groups. Both incidents highlight the increasing sophistication and persistence of these groups and the challenges faced by technology companies in defending against them.