New York (CNN) — Tech firm Hewlett Packard Enterprise says its cloud-based email systems were breached by the same Russian hacking group that compromised some Microsoft email accounts earlier this month.
Hewlett Packard Enterprise, also known as HPE, revealed the breach in a securities filing last week. The incident took place on December 12, 2023, and affected “a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company said.
“The Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity,” HPE said in the filing.
HPE said it suspects a group known as “Midnight Blizzard” was responsible for last month’s attack.
The hacking group, which US officials and private experts say has links to Russia’s foreign intelligence service, has gained a reputation as one of the stealthiest and most advanced cyber espionage groups in the world. Private analysts have referred to the group as “Midnight Blizzard” or as part of a group known as “APT29,” among other names.
The hackers used bugged software made by US tech firm SolarWinds to break into several US government agencies in 2020 to read emails between senior agency officials, US officials have alleged. (The Kremlin denied responsibility.) The spying campaign lasted well over a year and forced a major shakeup in how the US government defends its networks from hackers.
In the years since, the Russian hacking group has continued to use software providers to try to infiltrate US and European government agencies as part of a long-running quest for intelligence to serve the Kremlin, experts who track the hackers have told CNN.
The alleged Russian computer operatives have been particularly adept at breaking into cloud computing networks, as they did with the recent breach of HPE. The FBI has observed the hackers targeting cloud computing environments as far back as 2018, in what the bureau said was a likely tactic meant to cover their tracks.
HPE said in its filing that an investigation found that the December hacking incident was linked to an earlier breach and theft of some of its SharePoint files by the same group in May. The company said that after being notified of that breach in June, it “immediately investigated … and took containment and remediation measures intended to eradicate the activity” and that the incident didn’t materially impact the company.
HPE added regarding the December breach that it has “not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations.”
Microsoft last week disclosed that the same group had accessed a small number of its corporate email accounts, including those belonging to some senior leaders, weeks earlier. Microsoft similarly said it had “immediately activated our response process to investigate, disrupt malicious activity, mitigate the attack, and deny the threat actor further access.”
But the Russian hackers used a relatively rudimentary technique — known as password spraying — on their way to breaching the email accounts of Microsoft executives, the tech giant said. The revelation has added to the already stiff scrutiny facing Microsoft’s security practices from US lawmakers and federal officials.
A senior US National Security Agency official told reporters Wednesday it was “disappointing” that the Russian hackers had been able to breach Microsoft using password spraying “these days.”
Big tech companies like Microsoft are going to be the repeated targets of state-backed hackers and have to prepare accordingly, the NSA official said in response to questions during the on-background media briefing.
Microsoft declined to comment Wednesday.
The tech firm was also at the center of an alleged Chinese hack last year that saw hackers break into the email accounts of senior US officials, including Commerce Secretary Gina Raimondo and US Ambassador to China Nicholas Burns. The hacking campaign began after the attackers breached a Microsoft engineer’s corporate account, according to Microsoft.