Russian State Actor Hacks Hewlett Packard Enterprise’s Cloud-Based Email Systems


In a recent cyberattack, Hewlett Packard Enterprise (HPE) fell victim to a Russian state actor, marking another instance of state-sponsored cyber espionage that has been plaguing the tech industry. HPE revealed this breach in a securities filing last week, shedding light on the incident that occurred on December 12, 2023.

The Russian hacking group responsible for the attack compromised some Microsoft email accounts earlier in the same month, underscoring their audacity and sophistication. HPE assures that the impact of the breach was limited, affecting a small percentage of HPE mailboxes belonging to individuals in their cybersecurity, go-to-market, business segments, and other functions.

HPE swiftly responded to the breach by activating its response process, which included an investigation into the incident, containment efforts, and subsequent remediation actions, effectively eradicating the malicious activity. The group suspected of orchestrating the attack is sometimes referred to as “Midnight Blizzard,” with alleged ties to Russia’s foreign intelligence service.

Midnight Blizzard, or APT29 as it is known in some circles, gained notoriety in 2020 for using compromised software from US tech firm SolarWinds to infiltrate multiple US government agencies and access emails of senior agency officials. This sophisticated spying campaign extended for over a year, leading to significant changes in how the US government defends its networks against cyber threats.

Since then, the Russian hacking group has continued its operations, focusing on infiltrating US and European government agencies. Their recent breach of HPE, primarily targeting cloud computing networks, underscores their proficiency in this area. In fact, the FBI has been monitoring their efforts to compromise cloud environments as far back as 2018, seeing it as a tactic aimed at obscuring their tracks.

Furthermore, HPE disclosed that the December breach had a connection to a previous incident in May, where the same hacking group stole some of its SharePoint files. Following notification of the May breach, HPE promptly investigated the matter and implemented containment and remediation measures, ensuring it did not significantly impact the company.

Microsoft also fell victim to this Russian hacking group, with the attackers employing a relatively basic technique known as “password spraying” (trying a small set of common passwords against many accounts, rather than many passwords against one) to breach corporate email accounts. The incident has drawn attention to Microsoft’s security practices, with a senior US National Security Agency official expressing disappointment in the use of such a basic method in today’s cybersecurity landscape.
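Because password spraying spreads a few guesses across many accounts, it stays under per-account lockout thresholds and only becomes visible when failures are grouped by source. The detector below is an added example written for this article; it is not code from the original page, from HPE, or from Microsoft. It assumes a constructed log line format (timestamp, result, username, source address) and illustrative thresholds (five or more distinct accounts, at most two failures each, within ten minutes); real authentication logs and tuning will differ.

```python
"""Password-spray detection over authentication log lines (added example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log: one spraying source (203.0.113.7) that hits six
# accounts once each and then succeeds on one, and one source (198.51.100.9)
# that hammers a single account, which is brute force rather than a spray.
SAMPLE_LOG = """\
2023-12-12T08:00:01Z FAIL alice 203.0.113.7
2023-12-12T08:00:03Z FAIL bob 203.0.113.7
2023-12-12T08:00:05Z FAIL carol 203.0.113.7
2023-12-12T08:00:07Z FAIL dave 203.0.113.7
2023-12-12T08:00:09Z FAIL erin 203.0.113.7
2023-12-12T08:00:11Z FAIL frank 203.0.113.7
2023-12-12T08:00:13Z OK   grace 203.0.113.7
2023-12-12T08:05:00Z FAIL alice 198.51.100.9
2023-12-12T08:05:30Z FAIL alice 198.51.100.9
2023-12-12T08:06:00Z FAIL alice 198.51.100.9
2023-12-12T08:06:30Z FAIL alice 198.51.100.9
2023-12-12T08:07:00Z FAIL alice 198.51.100.9
2023-12-12T08:07:30Z FAIL alice 198.51.100.9
"""


@dataclass(frozen=True)
class AuthEvent:
    ts: datetime
    result: str  # "FAIL" or "OK" in the constructed format
    user: str
    src: str


def parse_log(text: str) -> list[AuthEvent]:
    """Parse the constructed 'timestamp result user source' line format."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = line.split()
        events.append(AuthEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), result, user, src))
    return events


def detect_spray(events: list[AuthEvent],
                 window: timedelta = timedelta(minutes=10),
                 min_accounts: int = 5,
                 max_per_account: int = 2) -> list[dict]:
    """Flag sources whose failures touch many accounts with few tries each.

    Per-account counters miss this pattern; grouping by source and counting
    distinct usernames in a sliding window is what surfaces it. A success
    from the same source inside the window is reported so the alert can be
    prioritised for account review.
    """
    fails_by_src = defaultdict(list)
    oks_by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        (fails_by_src if e.result == "FAIL" else oks_by_src)[e.src].append(e)

    alerts = []
    for src, fails in fails_by_src.items():
        for i, start in enumerate(fails):
            in_window = [f for f in fails[i:] if f.ts - start.ts <= window]
            per_user = Counter(f.user for f in in_window)
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_per_account:
                end = start.ts + window
                followed = sorted({o.user for o in oks_by_src[src] if start.ts <= o.ts <= end})
                alerts.append({
                    "src": src,
                    "accounts": len(per_user),
                    "first_seen": start.ts.isoformat(),
                    "followed_by_success": followed,
                })
                break  # one alert per source is enough for triage
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run as a script it reports only the spraying source, not the single-account brute force, and notes that the spray was followed by a successful login for one account; in practice the thresholds should be set from a baseline of normal failure rates so that shared egress addresses such as VPN concentrators do not trip the rule.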

These breaches serve as a stark reminder that large tech firms like Microsoft and HPE remain prime targets for state-sponsored hackers. As a result, these companies must continually enhance their security measures to protect their networks and sensitive information from sophisticated threat actors.

This latest incident comes on the heels of a separate alleged Chinese hack targeting Microsoft last year, which compromised the email accounts of senior US officials, highlighting the ongoing and relentless nature of cyber threats faced by tech giants in today’s digital age.