New York (CNN)
Tech company Hewlett Packard Enterprise announced that its cloud-based email system was compromised by the same Russian hacking group that compromised some Microsoft email accounts earlier this month.
Hewlett Packard Enterprise, also known as HPE, disclosed the breach in a securities filing last week. The incident occurred on December 12, 2023, the company said, and affected “a small number of HPE mailboxes belonging to individuals within our cybersecurity, market development, business units, and other departments.”
“With the assistance of external cybersecurity experts, we immediately initiated a response process to investigate, contain, remediate the incident, and eradicate the activity,” HPE said in a filing.
HPE said a group also known as “Midnight Blizzard” is suspected of being involved in last month's attack.
U.S. officials and civilian experts say the hacker group has ties to Russia's foreign intelligence services and has a reputation as one of the world's stealthiest and most advanced cyber-espionage groups. Private analysts have referred to the group as “Midnight Blizzard,” or part of a group known as “APT29.”
Hackers used buggy software made by US tech company SolarWinds to break into multiple US government agencies and read emails between senior government officials in 2020, US officials said. (The Kremlin denied responsibility.) The spying operation lasted more than a year and forced major changes in the way the U.S. government protects its networks from hackers.
Since then, Russian hackers have continued to use software providers to attempt to infiltrate government agencies in the United States and Europe as part of a long-running quest to gather intelligence in service of the Kremlin, an expert who tracks the group told CNN.
Alleged Russian computer operatives are particularly adept at infiltrating cloud computing networks, as was the case with the recent HPE breach. The FBI has observed hackers targeting cloud computing environments as far back as 2018, and the agency says this is likely a tactic aimed at covering their tracks.
HPE said in a filing that an investigation found that the December hacking incident was related to an earlier breach and the theft of some SharePoint files by the same group in May. The company said that after being notified of the breach in June, it “immediately investigated and took containment and remediation measures aimed at eradicating the activity” and that the incident did not have a material impact on the company.
Regarding the December breach, HPE added: “We have not determined that it is reasonably likely that this incident will have a material impact on our financial condition or results of operations.”
Microsoft revealed last week that the same group had accessed a small number of corporate email accounts several weeks ago, including those of some senior executives. Microsoft similarly said it “immediately activated a response process to investigate, thwart the malicious activity, mitigate the attack, and deny further access to the threat actor.”
But the Russian hackers used a relatively rudimentary technique known as password spraying on their way to compromising the email accounts of Microsoft executives, the tech giant said. The revelations have led to increased scrutiny of Microsoft's security practices from U.S. lawmakers and federal authorities.
A senior National Security Agency official told reporters on Wednesday that it was “unfortunate” that Russian hackers were able to break into Microsoft “in this day and age” using password spray.
Big tech companies like Microsoft will be repeated targets of state-sponsored hackers and need to prepare accordingly, NSA officials said in response to questions during a behind-the-scenes media briefing.
Microsoft declined to comment Wednesday.
The company was also at the center of an alleged Chinese hack last year in which hackers broke into the email accounts of senior U.S. officials, including Secretary of Commerce Gina Raimondo and Ambassador to China Nicholas Burns. Microsoft said the hacking campaign began after attackers compromised the corporate accounts of Microsoft engineers.

