Russian cybercriminals managed to penetrate the email servers of Hewlett Packard Enterprise, another Tech giant. The attack comes from the same group that trapped Microsoft earlier.
After Microsoft, which revealed last weekend that it had been hacked, it is the turn of Hewlett Packard Enterprise (HPE) to be trapped by hackers. The American multinational, which has managed the company’s cloud, software, network and server activities since its split from HP, was the victim of the same Moscow-backed cybercriminal group as Microsoft.
Hewlett Packard Enterprise, trapped by the same group as Microsoft…
In accordance with the law, Hewlett Packard Enterprise reported the attack to the US financial markets regulatory and monitoring agency, the Securities and Exchange Commission. In a report dated January 19, 2024 and revealed on January 24, the company explains that it was informed, on December 12, 2023, of a computer attack originating from a group attached to a nation-state.
The group is known by multiple names. It is called Midnight Blizzard as well as Cozy Bear, APT29 or Nobelium. The collective is clearly affiliated with the Kremlin, which supports it financially and helps it carry out its mission of collecting information from large Western companies or institutions.
As with Microsoft, HPE could only observe unauthorized access to its Microsoft 365 cloud messaging environment. And, icing on the cake, the cyberattack comes from the same group as the one that hit the firm at the window.
…and attacked in the same way, with the same consequences
Hewlett Packard Enterprise, which communicated on the incident, indicates that it discovered late that a hacker entered a “ small percentage of email boxes » of people in the company attached to the cybersecurity and business divisions in particular. Suffice to say, therefore, that the hackers were able to get their hands on sensitive data.
The Midnight Blizzard group is in any case causing havoc. He was already involved in the impressive SolarWinds hacking campaign in 2021, and seems to have set out in search of information on major American Tech players for the Russian intelligence collection agency, the SVR.
For the moment, the company HPE continues to lead the investigation, but it now claims that the malicious actors began exfiltrating data as early as May 2023. The company does not know, at the moment, if it is This is an attack directly linked to that of Microsoft.
Source : DRY
1