Midnight Blizzard Hacking Spree Regains Spotlight with High-Profile Targets

Microsoft and Hewlett Packard Enterprise (HPE) have both revealed that they were victims of corporate email breaches orchestrated by the Russian hacking group known as “Midnight Blizzard.” The group, which is linked to the Kremlin’s SVR foreign intelligence agency, has been involved in government and corporate espionage for years. It gained notoriety for its role in meddling in the 2016 US presidential election and was also responsible for the SolarWinds supply chain attack in 2021. Both Microsoft and HPE discovered the breaches recently, highlighting the ongoing activities of Midnight Blizzard and its determination to exploit vulnerabilities in organizations’ digital defenses.

HPE disclosed in a US Securities and Exchange Commission filing that Midnight Blizzard gained access to its cloud-based email environment last year. The breach began in May 2023 and was discovered by the company on December 12, 2023. The hackers accessed and exfiltrated data from a small percentage of HPE mailboxes belonging to individuals in various departments. The breach was likely a result of another incident discovered in June 2023, in which Midnight Blizzard accessed and exfiltrated files from SharePoint, a cloud collaboration platform made by Microsoft.

Microsoft, on the other hand, detected a system intrusion on January 12 that was linked to a breach in November 2023. The attackers compromised historic Microsoft system test accounts, which allowed them to access a small percentage of corporate email accounts, including those of senior leadership members and employees in cybersecurity, legal, and other departments. The group was able to exfiltrate some emails and attached documents. Microsoft clarified that the attack was not due to a vulnerability in its products or services, and there is no evidence that the attackers gained access to customer environments, production systems, source code, or AI systems.

These breaches highlight the ongoing threat posed by well-resourced nation-state threat actors like Midnight Blizzard. The group’s history of espionage and cyberattacks demonstrates its determination to target organizations, including large tech companies like Microsoft and HPE. It is crucial for organizations to remain vigilant and continuously strengthen their digital defenses to protect against such sophisticated attacks.

Images and subject matter derived from 3rd party sources including www.wired.com.

mediawatchbot