Russian hack attacks on U.S. technology companies are picking up, and they are coming from a familiar source.
Hewlett Packard Enterprise
disclosed late Wednesday that it learned on Dec. 12 that a “threat actor” known as “Midnight Blizzard” gained unauthorized access to the company’s cloud-based email system starting in May 2023.
HP
said the group accessed and downloaded email from staff in “our cybersecurity, go-to-market, business segments, and other functions.”
Last Friday, Microsoft made a similar disclosure. The company said that the email accounts of some of its senior leadership team have been accessed by Midnight Blizzard, a group of Russian hackers also known as Nobelium, Cozy Bear and APT 29, among other names, allowing them to read some email messages and attached documents.
The same group was behind the 2020 cyberattack on the IT infrastructure company
SolarWinds,
which the U.S. Government Accounting Office has called “one of the most widespread and sophisticated hacking campaigns ever conducted against the federal government and private sector.” A GAO report on that attack said it was backed by the Russian Foreign Intelligence Service.
HP Enterprise said the recent incident “is likely related to earlier activity by this threat actor, of which we were notified in June 2023, involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023.”
HP Enterprise said it has notified law enforcement about the incident. The company said that so far, the attack hasn’t had a material impact on its operations.
Write to Eric J. Savitz at [email protected]
Read the full article here