Tech firm Hewlett Packard Enterprise (HPE) reported a breach in its cloud-based email systems. The incident, occurring on December 12, 2023, impacted a small percentage of HPE mailboxes, primarily in cybersecurity, go-to-market, and business segments. HPE suspects the involvement of the Russian hacking group known as “Midnight Blizzard,” recognized for advanced cyber espionage.
The company revealed the breach in a securities filing last week. HPE, assisted by external cybersecurity experts, promptly initiated response measures to investigate, contain, and remediate the incident. The hacking group, linked to Russia’s foreign intelligence service, gained notoriety for its role in the SolarWinds breach in 2020.
The investigation uncovered a connection between the December breach and an earlier incident in May. In May, the same group stole SharePoint files, prompting HPE to take containment and remediation measures.
While the May breach did not materially impact the company, the December incident added to concerns about state-backed hacking targeting major tech firms.
The Russian group, known for its proficiency in cloud computing network intrusions, targeted HPE using similar tactics. The attack, following the pattern of other advanced cyber espionage campaigns, highlighted the vulnerability of cloud-based networks.
The disclosure comes in the wake of Microsoft’s similar experience with the same hacking group, raising questions about the security practices of major tech companies.
In summary, HPE’s cloud email breach, attributed to the Russian group “Midnight Blizzard,” underscores the ongoing challenges posed by state-backed hacking to major tech firms, emphasizing the vulnerability of cloud-based networks.
