January 25, 2024 at 05:18AM
Hewlett Packard Enterprise (HPE) disclosed that its cloud email environment was targeted by hackers believed to be sponsored by the Russian government. The attack, attributed to the threat group known as Midnight Blizzard and Cozy Bear, resulted in unauthorized access and data exfiltration. Microsoft also reported a similar attack by the same group, raising concerns of a coordinated campaign.
The key takeaways are as follows:
1. Hewlett Packard Enterprise (HPE) experienced a cybersecurity breach related to its cloud-based email environment, which was targeted by hackers believed to be sponsored by the Russian government, specifically by the group known as Midnight Blizzard and Cozy Bear.
2. The breach involved unauthorized access and data exfiltration from a small percentage of HPE mailboxes used by staff in cybersecurity, go-to-market, business segments, and other departments.
3. Microsoft also reported being targeted by the Midnight Blizzard group, resulting in the theft of emails and attachments from senior executives, as well as from cybersecurity and legal department staff.
4. The hackers used a password spray attack to compromise a legacy non-production test tenant account at Microsoft and then leveraged that account’s permissions to access corporate emails.
5. The same threat actor, Midnight Blizzard, has been associated with other high-profile cyber attacks, including the 2020 SolarWinds attack and the large-scale exploitation of a TeamCity vulnerability.
6. The impact of the incidents on HPE and Microsoft is still under investigation, and it’s currently unclear if the attacks were part of the same or separate campaigns.
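The password spray described in takeaway 4 leaves a recognizable shape in sign-in logs: one source failing against many accounts with only a guess or two per account, sometimes followed by a success. The detection sketch below is an added example, not part of the original article; the event format, thresholds, account names and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _ev(minute, ip, account, ok):
    # Helper that builds one constructed sign-in event (not a real log line).
    return (f"2024-01-10T02:{minute:02d}:00", ip, account, ok)

# Constructed sample data: (timestamp, source_ip, account, success)
SAMPLE_EVENTS = (
    # One source, one guess per account, then a hit on a test account.
    [_ev(m, "203.0.113.7", a, False) for m, a in enumerate(
        ["alice", "bob", "carol", "dave", "erin", "test-legacy"])]
    + [_ev(50, "203.0.113.7", "test-legacy", True)]
    # Classic brute force: many guesses against a single account.
    + [_ev(m, "198.51.100.9", "alice", False) for m in range(10, 16)]
    # Ordinary user mistyping a password once.
    + [_ev(20, "192.0.2.20", "bob", False), _ev(21, "192.0.2.20", "bob", True)]
)

def detect_spray(events, window=timedelta(hours=1),
                 min_accounts=5, max_per_account=2):
    """Flag sources whose failures within `window` are wide (many accounts)
    and shallow (few tries each); report later successes from that source."""
    by_ip = defaultdict(list)
    for ts, ip, account, ok in events:
        by_ip[ip].append((datetime.fromisoformat(ts), account, ok))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        failures = [(t, a) for t, a, ok in rows if not ok]
        for i, (start, _) in enumerate(failures):
            per_account = defaultdict(int)
            for t, a in failures[i:]:
                if t - start > window:
                    break
                per_account[a] += 1
            wide = len(per_account) >= min_accounts
            shallow = max(per_account.values()) <= max_per_account
            if wide and shallow:
                hits = sorted({a for t, a, ok in rows if ok and t >= start})
                findings[ip] = {"targeted": sorted(per_account),
                                "succeeded": hits}
                break
    return findings

if __name__ == "__main__":
    for ip, info in detect_spray(SAMPLE_EVENTS).items():
        print(ip, info)
```

Per-account lockout counters miss this pattern because no single account sees many failures, which is why the grouping is by source rather than by account.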