UPDATED 19:22 EDT / JANUARY 24 2024


HPE compromised by same Russian group behind SolarWinds and Microsoft hacks

Hewlett Packard Enterprise Co. is the latest company to be targeted by a Russian-linked hacking group, with a small percentage of mailboxes belonging to people who work in the company’s cybersecurity and other departments compromised.

The disclosure was made in a Jan. 19 filing with the U.S. Securities and Exchange Commission. HPE said the attacker was identified as Midnight Blizzard. Also known as Cozy Bear and Nobelium, the hacking group is the same Russian-linked gang that was behind the hack of SolarWinds and, more recently, the compromise of a small number of email accounts belonging to Microsoft Corp.

HPE said in the filing that it was notified on Dec. 12 that a suspected nation-state actor had gained unauthorized access to HPE’s cloud-based email environment. Upon finding the breach, HPE hired external cybersecurity experts and activated its response plan to investigate, remediate and eradicate the activity. 

Further investigation found that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in its cybersecurity, go-to-market, business segments and other departments. HPE added that it believes that the incident was likely related to an incident it became aware of in June 2023 that involved the exfiltration of a limited number of SharePoint files.

HPE has notified law enforcement and is also assessing its regulatory notification obligations. The incident did not have a material impact on the company’s operations. However, it has not been determined if the incident will materially affect the company’s financial condition or operations. In other words, HPE is not 100% sure what was stolen from the breached email accounts.

Although no further information was immediately available, the fact that HPE noted its cybersecurity staff were targeted suggests that Midnight Blizzard/Nobelium was, as in the case with Microsoft, looking for information about itself.

In Microsoft’s case, the threat actor used a password spray attack to compromise a legacy nonproduction test tenant account to gain a foothold and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts. Password-spraying is a type of cyberattack where an attacker attempts to gain unauthorized access to many accounts by employing a few commonly used passwords.

It’s highly likely that similar tactics were used to gain access to HPE corporate email accounts as well.
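For defenders, the password-spray pattern described above (a few passwords tried against many accounts) can be separated from single-account brute force in sign-in logs. The following Python sketch is an added example, not from the article or from HPE or Microsoft; the event layout, thresholds, addresses and account names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events: (ISO time, source IP, account, result).
# 198.51.100.7 tries one password against many accounts (spray);
# 203.0.113.9 hammers a single account (brute force, not a spray).
SAMPLE = (
    [(f"2024-01-10T09:{m:02d}:00", "198.51.100.7", f"user{m}@example.com", "fail")
     for m in range(12)]
    + [("2024-01-10T09:12:00", "198.51.100.7", "test-svc@example.com", "success")]
    + [(f"2024-01-10T09:{m:02d}:30", "203.0.113.9", "alice@example.com", "fail")
       for m in range(15)]
    + [("2024-01-10T09:20:00", "192.0.2.44", "bob@example.com", "fail"),
       ("2024-01-10T09:21:00", "192.0.2.44", "bob@example.com", "success")]
)

def detect_spray(events, window=timedelta(minutes=30),
                 min_accounts=10, max_tries_per_account=3):
    """Return {source_ip: {"accounts": n, "compromised": [...]}} for sources
    that fail against many distinct accounts with few tries on each.
    Thresholds are assumed values to tune per environment."""
    by_src = defaultdict(list)
    for ts, src, user, result in events:
        by_src[src].append((datetime.fromisoformat(ts), user, result))
    findings = {}
    for src, rows in by_src.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window so it spans at most `window` of time.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            fails = defaultdict(int)
            for _, user, result in rows[start:end + 1]:
                if result == "fail":
                    fails[user] += 1
            if (len(fails) >= min_accounts
                    and max(fails.values()) <= max_tries_per_account):
                # "accounts" is the count when the threshold was first crossed.
                # Any success from a spraying source is a likely compromise.
                hits = sorted({u for _, u, r in rows if r == "success"})
                findings[src] = {"accounts": len(fails), "compromised": hits}
                break
    return findings

if __name__ == "__main__":
    print(detect_spray(SAMPLE))
```

A successful sign-in from a flagged source is the event to triage first, since it marks the account whose password was guessed.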
