Midnight Blizzard Hacking Spike Re-invigorates the Lights
Microsoft and Hewlett-Packard Enterprise (HPE) both recently disclosed that they suffered corporate email breaches at the hands of Russia’s “Midnight Blizzard” hackers.
The group, which is linked to the Kremlin’s SVR foreign intelligence agency, is specifically connected to SVR’s APT 29 Cozy Bear, the gang responsible for meddling in the 2016 United States presidential election, aggressive government and business espionage around the world for many years, and the 2021 SolarWinds supply-chain attack. The fact that the HPE and Microsoft breaches were revealed within days of one another highlights the reality of Midnight Blizzard’s international espionage operations and the lengths the group will go to in order to find weaknesses in organizations’ digital defenses.
“We shouldn’t be surprised that Russian intelligence-backed threat actors, and SVR in particular, are targeting tech companies like Microsoft and HPE. With organizations that size, it would be a much bigger surprise to learn they weren’t,” says Jake Williams, a former US National Security Agency hacker and current faculty member at the Institute for Applied Network Security.
HP Enterprise stated in a US Securities and Exchange Commission filing posted on Wednesday that Midnight Blizzard gained access to its “cloud-based email environment” last year. The company was first made aware of the situation on 12 December 2023; however, the attack actually began in May 2023. Hackers “accessed and exfiltrated data … from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” the company wrote in the SEC filing. HP Enterprise said the breach likely came about as the result of another incident, discovered in June 2023, in which Midnight Blizzard also accessed and exfiltrated company “SharePoint” files beginning as early as May 2023. SharePoint is a Microsoft cloud collaboration platform that integrates with Microsoft 365.
“The accessed data is limited to information contained in the HPE users’ email boxes,” HP Enterprise spokesperson Adam Bauer told WIRED in a statement. “We continue to investigate and analyze these mailboxes to identify information that could have been accessed and will make appropriate notifications as required.”
On Friday, Microsoft announced that it had detected a system breach on January 12 that was linked to a November 2023 breach. The attackers targeted and compromised some historic Microsoft system test accounts that then allowed them to access “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.” From there the group was able to exfiltrate “some emails and attached documents.” Microsoft noted in its disclosure that the attackers appeared to be seeking information about Microsoft’s investigations and knowledge of Midnight Blizzard itself.
“The attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,” the company wrote in its disclosure. “This attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.”