Tech firm Hewlett Packard Enterprise says its cloud-based email systems were breached by the same Russian hacking group that compromised some Microsoft email accounts earlier this month.
Hewlett Packard Enterprise, also known as HPE, revealed the breach in a securities filing last week. The incident took place on December 12, 2023, and affected “a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company said.
“The Company, with assistance from external cybersecurity experts, immediately activated our response process to investigate, contain, and remediate the incident, eradicating the activity,” HPE said in the filing.
HPE said in the filing it suspects a group sometimes referred to as “Midnight Blizzard” was responsible for last month’s attack.
The hacking group, which US officials and private experts say has links to Russia’s foreign intelligence service, has gained a reputation as one of the stealthiest and most advanced cyber espionage groups in the world. Private analysts have referred to the group as “Midnight Blizzard” or as part of a group known as “APT29,” among other names.
The hackers used bugged software made by US tech firm SolarWinds to break into multiple US government agencies in 2020 to read emails between senior agency officials, US officials have alleged. (The Kremlin denied responsibility.) The spying campaign lasted well over a year and forced a major shakeup in how the US government defends its networks from hackers.
In the years since, the Russian hacking group has continued to use software providers to try to infiltrate US and European government agencies as part of a long-running quest for intelligence to serve the Kremlin, experts who track the hackers have told CNN.
The alleged Russian computer operatives have been particularly adept at breaking into cloud computing networks, as they did with the recent breach of HPE. The FBI has observed the hackers targeting cloud computing environments as far back as 2018, in what the bureau said was a likely tactic meant to cover their tracks.
This is a developing story and will be updated.
Read the full article here