HPE Says It Was Hacked by Group Believed to Be Midnight Blizzard

(Bloomberg) -- Hewlett Packard Enterprise Co. said a suspected nation-state actor gained unauthorized access to its cloud-based email system, pointing a finger at a group also suspected in a recent Microsoft Corp. hack.

The entity is “believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear,” HPE said in a regulatory filing on Wednesday.

The company said it was informed on Dec. 12 that a nation-state hacking group had breached the email system, and that starting in May 2023 the group accessed and “exfiltrated data” from a small percentage of HPE mailboxes belonging to people who work in cybersecurity and other departments.

HPE believes the breach is likely related to earlier activity by Midnight Blizzard, a hacking group linked to Russia. In that incident, the company was notified in June 2023 that hackers had gained access and exfiltrated a limited number of SharePoint files as early as the previous month. HPE and cybersecurity experts investigated the incident and “took containment and remediation measures intended to eradicate the activity,” the company said in the filing.

The company said that, as of the time of the filing, the incident hasn’t had a material impact on its operations.

Midnight Blizzard is the same group suspected of a hack Microsoft announced last week. In that incident, the intruders breached the company in November and were able to steal emails and documents from “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions,” according to a statement from Microsoft.

The hackers infiltrated Microsoft’s systems with a “password spray” attack, which involves quickly trying multiple passwords on specific user names in order to breach targeted corporate accounts.

Cozy Bear is one of Russia’s most notorious hacking groups, accused of hacking the Democratic National Committee during the 2016 presidential election. The same group was also blamed for the cyberattack on SolarWinds Corp., a massive cyberespionage effort that was disclosed in 2020 and that breached major technology companies and US federal agencies.

The UK and US governments have said that the group is affiliated with Russia’s Foreign Intelligence Service, the SVR.

