News

Hewlett Packard Tapped for Months by Midnight Blizzard

Hewlett Packard Enterprise's company e-mail was tapped for several months last year by "the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear," per its latest Form 8-K SEC filing.  

The company was notified about the incident on Dec. 12, 2023, but has since estimated that the attackers "accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions."

Hewlett Packard Enterprise officials are still investigating the attack, but they think it was associated with an earlier incident "involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023." The company was notified about that particular attack in "June 2023."

The SEC filing was noted by malware collector vx-underground in this exTwitter post.

The 2023 attacks, now getting reported in a rather obscure Jan. 24, 2024 Form 8-K SEC filing, were not considered to have had a "material impact on the Company’s operations" or "financial condition," Hewlett Packard Enterprise noted. The company had "immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity."

Midnight Blizzard is the name for an espionage group said to be affiliated with Russia, although the 8-K SEC filing didn't make such an attribution. Microsoft last week reported it had been hit by Midnight Blizzard, where its corporate e-mails got tapped, ostensibly to determine Microsoft's knowledge about the group, according to Microsoft's description.

Midnight Blizzard was previously sometimes called "Nobelium." It became notorious for tapping U.S. government e-mails in 2021 using various methods. It compromised SolarWinds' Orion management software and leveraged misconfigurations in Microsoft's Active Directory Federation Services, along with password spray attacks to gain footholds, among other methods.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

comments powered by Disqus

Subscribe on YouTube