![](\"https:\/\/media.wired.com\/photos\/65a85ac4d4f9c4852c461f33\/master\/pass\/Vulnerable-Car-Insurance-Premiums-Calculator-Exposed-Vast-Trove-of-Indian-Customer-Data-Security-GettyImages-1530802881.jpg\"\/)
<\/p>\n<\/p>\n
Credit to Author: Lily Hay Newman| Date: Thu, 25 Jan 2024 21:30:58 +0000<\/strong><\/p>\n Lily Hay Newman<\/a><\/span><\/span><\/p>\n Microsoft and Hewlett-Packard Enterprise (HPE) both recently disclosed that they suffered corporate email breaches at the hands of Russia's \u201cMidnight Blizzard\u201d hackers.<\/p>\n The group, which is tied to the Kremlin's SVR foreign intelligence, is specifically linked to SVR's APT 29 Cozy Bear, the gang that meddled<\/a> in the United States 2016 presidential election, has conducted aggressive government and corporate espionage around the world<\/a> for years, and was behind the infamous 2021 SolarWinds supply chain attack<\/a>. While both HP's and Microsoft's breaches came to light within days of each other, the situation mainly illustrates the ongoing reality of Midnight Blizzard's international espionage activities and the lengths it will go to to find weaknesses in organizations' digital defenses.<\/p>\n \u201cWe shouldn't be surprised that Russian intelligence-backed threat actors, and SVR in particular, are targeting tech companies like Microsoft and HPE. With organizations that size, it would be a much bigger surprise to learn they weren't,\u201d says Jake Williams, a former US National Security Agency hacker and current faculty member at the Institute for Applied Network Security.<\/p>\n HP Enterprise said in a US Securities and Exchange Commission submission<\/a> posted on Wednesday that Midnight Blizzard gained access to its \u201ccloud-based email environment\u201d last year. The company first learned about the situation on December 12, 2023, but said that the attack began in May 2023. Hackers \u201caccessed and exfiltrated data \u2026 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,\u201d the company wrote in the SEC filing. HP Enterprise said the breach likely came about as the result of another incident, discovered in June 2023, in which Midnight Blizzard also accessed and exfiltrated company \u201cSharePoint\u201d files beginning as early as May 2023. SharePoint is a much-targeted cloud collaboration platform made by Microsoft that integrates with Microsoft 365.<\/p>\n \u201cThe accessed data is limited to information contained in the HPE users\u2019 email boxes,\u201d HP Enterprise spokesperson Adam Bauer told WIRED in a statement. \u201cWe continue to investigate and analyze these mailboxes to identify information that could have been accessed and will make appropriate notifications as required.\u201d<\/p>\n Meanwhile, Microsoft said<\/a> on Friday that it detected a system intrusion on January 12 tied to a November 2023 breach. The attackers targeted and compromised some historic Microsoft system test accounts that then allowed them to access \u201ca very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions.\u201d From there the group was able to exfiltrate \u201csome emails and attached documents.\u201d Microsoft noted in its disclosure that the attackers appeared to be seeking information about Microsoft's investigations and knowledge of Midnight Blizzard itself.<\/p>\n \u201cThe attack was not the result of a vulnerability in Microsoft products or services. To date, there is no evidence that the threat actor had any access to customer environments, production systems, source code, or AI systems,\u201d the company wrote in its disclosure. \u201cThis attack does highlight the continued risk posed to all organizations from well-resourced nation-state threat actors like Midnight Blizzard.\u201d<\/p>\n