Microsoft and Hewlett-Packard Enterprise (HPE) each not too long ago disclosed that they suffered company electronic mail breaches by the hands of Russia’s “Midnight Blizzard” hackers.
The group, which is tied to the Kremlin’s SVR international intelligence, is particularly linked to SVR’s APT 29 Cozy Bear, the gang that meddled in america 2016 presidential election, has performed aggressive authorities and company espionage around the globe for years, and was behind the notorious 2021 SolarWinds provide chain assault. Whereas each HP’s and Microsoft’s breaches got here to gentle inside days of one another, the state of affairs primarily illustrates the continued actuality of Midnight Blizzard’s worldwide espionage actions and the lengths it would go to to seek out weaknesses in organizations’ digital defenses.
“We should not be shocked that Russian intelligence-backed menace actors, and SVR particularly, are concentrating on tech firms like Microsoft and HPE. With organizations that measurement, it could be a a lot larger shock to be taught they weren’t,” says Jake Williams, a former US Nationwide Safety Company hacker and present college member on the Institute for Utilized Community Safety.
HP Enterprise mentioned in a US Securities and Change Fee submission posted on Wednesday that Midnight Blizzard gained entry to its “cloud-based electronic mail atmosphere” final yr. The corporate first realized in regards to the state of affairs on December 12, 2023, however mentioned that the assault started in Might 2023. Hackers “accessed and exfiltrated information … from a small share of HPE mailboxes belonging to people in our cybersecurity, go-to-market, enterprise segments, and different features,” the corporate wrote within the SEC submitting. HP Enterprise mentioned the breach seemingly took place as the results of one other incident, found in June 2023, by which Midnight Blizzard additionally accessed and exfiltrated firm “SharePoint” information starting as early as Might 2023. SharePoint is a much-targeted cloud collaboration platform made by Microsoft that integrates with Microsoft 365.
“The accessed information is proscribed to info contained within the HPE customers’ electronic mail packing containers,” HP Enterprise spokesperson Adam Bauer instructed WIRED in an announcement. “We proceed to analyze and analyze these mailboxes to establish info that might have been accessed and can make acceptable notifications as required.”
In the meantime, Microsoft mentioned on Friday that it detected a system intrusion on January 12 tied to a November 2023 breach. The attackers focused and compromised some historic Microsoft system check accounts that then allowed them to entry “a really small share of Microsoft company electronic mail accounts, together with members of our senior management workforce and workers in our cybersecurity, authorized, and different features.” From there the group was capable of exfiltrate “some emails and connected paperwork.” Microsoft famous in its disclosure that the attackers seemed to be in search of details about Microsoft’s investigations and information of Midnight Blizzard itself.
“The assault was not the results of a vulnerability in Microsoft services or products. Up to now, there is no such thing as a proof that the menace actor had any entry to buyer environments, manufacturing programs, supply code, or AI programs,” the corporate wrote in its disclosure. “This assault does spotlight the continued danger posed to all organizations from well-resourced nation-state menace actors like Midnight Blizzard.”