HPE says Russian state actor breached email systems

Midnight Blizzard suspected as the attackers

HPE says Russian state actor breached email systems

A Russian hacking group associated with state actors breached HPE email servers in December.

Hewlett Packard Enterprise's (HPE) cloud-based email systems were infiltrated by the same Russian hacking group that targeted Microsoft email accounts earlier this month.

CNN Business says HPE made the breach public through a securities filing last week. The incident occurred on 12th December 2023, affecting a "small percentage" of HPE mailboxes in various departments.

HPE suspects the involvement of the hacking group known as Midnight Blizzard. The group, linked to Russia's foreign intelligence service, has gained a reputation as one of the world's most advanced and elusive cyber espionage units. They were previously accused of using compromised software from SolarWinds to breach multiple US government agencies in 2020, sparking a significant overhaul in US government cybersecurity practices.

The hackers have proven skilled at infiltrating cloud computing networks, a tactic the FBI observed as far back as 2018.

Previous attack in May 2023

HPE says that the December breach was connected to an earlier incident in May, where the same group breached and stole some of its SharePoint files. HPE moved to contain and remediate the situation, claiming that it did not have a significant impact on the company.

Microsoft, which faced a similar breach by the same group this month, said the hackers used a relatively simple password spraying technique (using the same password to try and brute force access to multiple accounts) to breach a small number of corporate email accounts, including those of senior leaders. This disclosure has intensified the scrutiny on Microsoft's security practices.

Both HPE and Microsoft have activated response processes to investigate, contain and remediate the breaches. For its part, the National Security Agency (NSA) expressed disappointment that hackers could use password spraying in this era. As state-backed hackers continue to target major tech firms, the NSA emphasised the need for robust cybersecurity preparation.

HPE does not believe the December breach is likely to have a significant impact on its financial condition or operational results. However, the breach highlights the ongoing challenges tech companies face in securing sensitive information against sophisticated cyber threats.