HPE Says It Believes Russia-Linked Group Behind Recent Hack
(Bloomberg) -- Hewlett Packard Enterprise Co. said a suspected nation-state actor gained unauthorized access to its cloud-based email system, pointing a finger at a group also suspected in a recent Microsoft Corp. hack.
The entity is “believed to be the threat actor Midnight Blizzard, the state-sponsored actor also known as Cozy Bear,” HPE said in a regulatory filing on Wednesday.
The company said it was informed on Dec. 12 that a nation-state hacking group had breached the email system and that the group had accessed and “exfiltrated data” starting in May 2023 from a small percentage of HPE mailboxes belonging to people who work in cybersecurity and other departments.
HPE believes the breach is likely related to earlier activity by Midnight Blizzard, a hacking group linked to Russia. In that incident, the company was notified in June 2023 that hackers had gained access and exfiltrated a limited number of SharePoint files as early as the previous month. HPE and cybersecurity experts investigated the incident and “took containment and remediation measures intended to eradicate the activity,” the company said in the filing.
The company said the incident hasn’t had a material impact on its operations, as of the time of the filing.
Midnight Blizzard is the same group suspected of a hack Microsoft announced last week. In that incident, the intruders breached the company in November and were able to steal emails and documents from “a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions,” according to a statement from Microsoft.
The hackers infiltrated Microsoft’s systems with a “password spray” attack, which involves quickly trying multiple passwords on specific user names in an attempt to breach targeted corporate accounts.
Cozy Bear is one of Russia’s most notorious hacking groups, accused of hacking the Democratic National Committee during the 2016 presidential election. The same group was also blamed for the cyberattack on SolarWinds Corp., a massive cyberespionage effort disclosed in 2020 that breached major technology companies and US federal agencies.
The UK and US governments have said that the group is affiliated with Russia’s Foreign Intelligence Service, the SVR.
(Updates with additional details beginning in fourth paragraph.)
©2024 Bloomberg L.P.