Microsoft and Hewlett Packard Enterprise (HPE) each recently disclosed that their corporate email had been compromised by Russian “Midnight Blizzard” hackers.
The group has ties to the Kremlin’s SVR foreign intelligence agency and is specifically tied to the SVR’s APT 29 Cozy Bear, a group that interfered in the U.S. 2016 presidential election, has conducted aggressive government and corporate espionage around the world for years, and was behind the notorious SolarWinds supply chain attack in 2021. While the HPE and Microsoft breaches came to light within days of each other, the situation largely illustrates the ongoing reality of Midnight Blizzard’s worldwide espionage and its efforts to find weaknesses in organizations’ digital defenses.
“We shouldn’t be shocked to see attacks by Russian intelligence-backed threat actors, particularly SVR, targeting tech companies like Microsoft and HPE. For a company of this size, it would be an even bigger shock to find out that they weren’t,” said Jake Williams, a former NSA hacker and current faculty member at the Utilized Cybersecurity Institute.
Midnight Blizzard gained access to HPE’s “cloud-based email environment” last year, Hewlett Packard Enterprise said in a U.S. Securities and Exchange Commission filing released Wednesday. The company was first informed of the situation on December 12, 2023, but said the attack began in May 2023. The hackers “accessed and stole data from a small number of HPE mailboxes belonging to individuals within our cybersecurity group…advertising and marketing, business units and other functions,” the company wrote in an SEC filing. HPE said the breach may have been caused by another incident discovered in June 2023, in which Midnight Blizzard began accessing and stealing company “SharePoint” files as early as May 2023. SharePoint is a purpose-built cloud collaboration platform offered by Microsoft and integrated with Microsoft 365.
“The data accessed was limited to information contained in HPE users’ email inboxes,” Hewlett Packard Enterprise spokesman Adam Bauer told Wired in a statement. “We will continue to investigate and analyze these inboxes to determine what information might have been accessed, and appropriate notifications will be issued as necessary.”
Meanwhile, Microsoft said on Friday that it detected a system intrusion on January 12 related to the November 2023 breach. The attackers targeted and compromised a number of historic Microsoft system test accounts, which then allowed them to access “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees across our cybersecurity, legal and other functions.” From there, the group was able to steal “a number of emails and attached files.” Microsoft noted in its disclosure that the attackers appeared to be looking for information about Microsoft’s investigation as well as its knowledge of Midnight Blizzard itself.
“This attack was not caused by a vulnerability in a Microsoft product or service. To date, there is no evidence that the threat actor had access to customer environments, production systems, source code, or artificial intelligence systems,” the company wrote in its disclosure. “This attack really highlights the ongoing risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.”