Microsoft and HPE Disclose Midnight Blizzard Hacking Incidents

Microsoft and Hewlett-Packard Enterprise (HPE) have recently revealed that they were targets of cyberattacks by the infamous “Midnight Blizzard” hacking group associated with Russia’s SVR foreign intelligence. Both companies disclosed corporate email breaches, shedding light on the persistent international espionage activities of Midnight Blizzard. The group, linked to the SVR’s APT 29 Cozy Bear, has a history of involvement in significant cyber incidents, including the SolarWinds supply chain attack in 2021.

HPE reported that Midnight Blizzard gained access to its cloud-based email environment in May 2023, with the breach coming to light in December 2023. The attackers exfiltrated data from a small percentage of HPE mailboxes, primarily affecting individuals in cybersecurity, go-to-market, business segments, and other functions. The breach was likely connected to a previous incident in June 2023, where Midnight Blizzard accessed and exfiltrated SharePoint files, a cloud collaboration platform integrated with Microsoft 365.

Microsoft detected a system intrusion on January 12, 2024, tied to a November 2023 breach by Midnight Blizzard. The attackers compromised historic Microsoft system test accounts, leading to the unauthorized access of a small percentage of corporate email accounts, including senior leadership and employees in cybersecurity, legal, and other functions. The group exfiltrated emails and attached documents, specifically seeking information related to Microsoft’s investigations and knowledge of Midnight Blizzard.

Both companies emphasized that the cyber attacks were not the result of vulnerabilities in their products or services. Microsoft clarified that there is no evidence the threat actor accessed customer environments, production systems, source code, or AI systems. The incidents highlight the ongoing risk posed by well-resourced nation-state threat actors like Midnight Blizzard.

The Midnight Blizzard group, associated with the Kremlin’s SVR, has a history of persistent and aggressive cyber operations, targeting the interests of the United States, NATO, and partner countries. Despite its known profile, the group continues to demonstrate exceptional operational security and advanced tactics, particularly in targeting Microsoft 365.

The recent breaches serve as a reminder of the challenges posed by state-backed espionage, emphasizing the need for enhanced cybersecurity measures and vigilance in defending against sophisticated threats. The incidents also underscore the counterintelligence goals of hackers, who actively monitor investigative efforts by defenders, as evident in Midnight Blizzard’s interest in learning about Microsoft’s knowledge of their group and methods.

Catch the latest supply chain news at The Supply Chain Report. Learn more about international trade at ADAMftd.com with free tools.

#CyberSecurity #MidnightBlizzard #Hacking #Microsoft #HewlettPackardEnterprise #StateSponsoredThreats #APT29 #CozyBear #DataBreach #CyberEspionage #InfoSec #CloudSecurity #CorporateSecurity #NationStateActors #SupplyChainSecurity