Published in News

HPE hacked by Putin's Cozy Bears

25 January 2024


Corporate email boxes hit

A Russia-based threat actor known as “Cozy Bear” or “Midnight Blizzard” has nicked some of HPE’s corporate mailboxes, the company confessed in a Securities and Exchange Commission (SEC) filing.

HPE said: “Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions.” 

HPE said that after being tipped off in June 2023 by a known threat actor about unauthorised access to SharePoint files dating back to May 2023, it launched an investigation with external cybersecurity experts and took containment measures.

“We determined that such activity did not materially impact the Company,” it concluded.

In 2018, Chinese hackers working for the Ministry of State Security infiltrated the networks of HPE and IBM and subsequently used this access to launch cyberattacks.

This data breach of HPE’s mailboxes comes days after Microsoft revealed that inboxes belonging to its senior leadership had been hit by a Russian threat actor believed to be Midnight Blizzard.

It’s unknown if this is part of a coordinated campaign targeting US tech giants or if it was separate factions within Midnight Blizzard or Cozy Bear working on unique missions.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” Microsoft said in a blog post disclosing the attack.

Password spraying is a brute-force cyberattack in which attackers try one common password against many accounts, rather than many passwords against one account, so that per-account lockout thresholds are never reached.
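Because each account sees only one or two failures, a spray is invisible to per-account lockout and only shows up when failures are grouped by source rather than by user. The detector below is an added example written for this article, not code from HPE, Microsoft or the article's author; the log format, the field names, the thresholds and the sample log lines are all constructed assumptions. It flags a source that fails against many distinct accounts inside a time window while never exceeding a small per-account failure count, and it leaves a classic single-account brute force (which lockout already handles) unflagged.

```python
"""Detect password-spray patterns in authentication logs.

Added example (not from the article, not HPE's or Microsoft's code).
The log format, field names, thresholds and the sample lines below are
constructed assumptions for illustration only.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <result> user=<name> src=<ip>".
# 203.0.113.5 sprays nine accounts once each, then succeeds on a test account.
# 198.51.100.9 hammers one account and is stopped by lockout (not a spray).
# 192.0.2.77 is an ordinary user mistyping once.
SAMPLE_LOG = """\
2024-01-10T08:00:01Z FAIL user=alice src=203.0.113.5
2024-01-10T08:00:07Z FAIL user=bob src=203.0.113.5
2024-01-10T08:00:12Z FAIL user=carol src=203.0.113.5
2024-01-10T08:00:19Z FAIL user=dave src=203.0.113.5
2024-01-10T08:00:25Z FAIL user=erin src=203.0.113.5
2024-01-10T08:00:31Z FAIL user=frank src=203.0.113.5
2024-01-10T08:00:38Z FAIL user=grace src=203.0.113.5
2024-01-10T08:00:44Z FAIL user=heidi src=203.0.113.5
2024-01-10T08:00:50Z FAIL user=ivan src=203.0.113.5
2024-01-10T08:00:56Z OK user=test-tenant src=203.0.113.5
2024-01-10T08:01:02Z FAIL user=alice src=198.51.100.9
2024-01-10T08:01:03Z FAIL user=alice src=198.51.100.9
2024-01-10T08:01:04Z FAIL user=alice src=198.51.100.9
2024-01-10T08:01:05Z FAIL user=alice src=198.51.100.9
2024-01-10T08:01:06Z FAIL user=alice src=198.51.100.9
2024-01-10T08:01:07Z LOCKOUT user=alice src=198.51.100.9
2024-01-10T09:30:00Z FAIL user=judy src=192.0.2.77
2024-01-10T09:30:40Z OK user=judy src=192.0.2.77
"""


def parse_line(line):
    """Parse one constructed log line into a dict (assumed format, see above)."""
    ts, result, user_field, src_field = line.split()
    return {
        "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "result": result,
        "user": user_field.split("=", 1)[1],
        "src": src_field.split("=", 1)[1],
    }


def detect_spray(lines, window=timedelta(minutes=30),
                 min_accounts=5, max_per_account=2):
    """Return one finding per source IP whose failures within `window` hit at
    least `min_accounts` distinct users with no user failing more than
    `max_per_account` times. Thresholds are illustrative assumptions."""
    events = [parse_line(l) for l in lines if l.strip()]
    failures_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            failures_by_src[e["src"]].append(e)

    findings = []
    for src, fails in failures_by_src.items():
        fails.sort(key=lambda e: e["time"])
        best = None
        start = 0
        # Sliding window over this source's failures, ordered by time.
        for end in range(len(fails)):
            while fails[end]["time"] - fails[start]["time"] > window:
                start += 1
            in_window = fails[start:end + 1]
            per_user = Counter(e["user"] for e in in_window)
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account):
                cand = {"src": src, "accounts": sorted(per_user),
                        "failures": len(in_window),
                        "first": in_window[0]["time"],
                        "last": in_window[-1]["time"]}
                if best is None or len(cand["accounts"]) > len(best["accounts"]):
                    best = cand
        if best:
            # A success from the same source after the spray began is the
            # account most likely to have accepted the sprayed password.
            best["successes_after"] = sorted({
                e["user"] for e in events
                if e["src"] == src and e["result"] == "OK"
                and e["time"] >= best["first"]})
            findings.append(best)
    return findings


if __name__ == "__main__":
    for f in detect_spray(SAMPLE_LOG.splitlines()):
        print(f"spray from {f['src']}: {len(f['accounts'])} accounts, "
              f"{f['failures']} failures, successes after: {f['successes_after']}")
```

Grouping by source is the simplest cut; a real deployment would also group by user-agent or ASN, since sprays are often spread across many source addresses, and would feed the `successes_after` list straight into an account-review queue.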

Hacker collectives go by different nicknames, and different nicknames may refer to different teams within a broader collective, but the official designation for Cozy Bear by US cybersecurity authorities is APT29. It is affiliated with the Russian Foreign Intelligence Service (SVR).

APT29 is believed to be behind the 2020 SolarWinds attack, which led to breaches at the US Treasury, the US Department of Commerce, and other government agencies. The group is also said to be responsible for the 2016 intrusion into the Democratic National Committee's network.

 

Last modified on 25 January 2024