HPE has disclosed that it was breached by a Russian state-backed hacking group. Data from a “small percentage” of HPE mailboxes was accessed and exfiltrated, with the affected individuals scattered across the company.
The affected mailboxes belong to employees in the cybersecurity, go-to-market and business segments, among others. The attackers, tracked as Midnight Blizzard (also known as Nobelium and APT29), are behind several high-profile intrusions, including the SolarWinds supply-chain compromise, the breach of the Democratic National Committee (DNC) and the recent intrusion at Microsoft.
SharePoint as an attack vector
In a filing with the SEC, HPE provides some details about the hack. The company states that the attackers had access beginning in May 2023 and exfiltrated email data from a number of mailboxes. Starting from a single compromised account, the attackers moved laterally to other mailboxes within HPE’s Office 365 e-mail environment.
In all likelihood, the incident is related to an earlier, already-known intrusion by Midnight Blizzard. In June 2023, HPE learned that a limited number of SharePoint files had been exfiltrated. That raises questions, since HPE says it took containment and remediation measures in June to stop the malicious activity. Nevertheless, the same group was able to steal mailbox data from HPE undetected for months.
The compromised data is said to have been limited to the mailboxes of the affected users. HPE does not yet know how many accounts were compromised, a spokesperson told TechCrunch.
Connected to Microsoft incident? HPE doesn’t know
HPE is not privy to all the details of the Microsoft incident and therefore cannot say whether its own breach is connected to it. At Microsoft, Midnight Blizzard gained its initial foothold through a password spray attack on what Microsoft described as a legacy, non-production test account, and from there used that account’s permissions to reach the mailboxes of senior executives. A password spray is not a brute-force attack on one account: rather than hammering a single account with endless guesses, the attacker tries a handful of common passwords against a large number of accounts, staying under the lockout threshold for each one.
Regardless, there is one clear similarity to the Microsoft hack: the attackers were able to operate for months before being noticed. We noted in that incident that the entry point was presumably a forgotten account, from which other corporate accounts were then accessed laterally. HPE’s wording, like Microsoft’s, minimizes the effect of the hack, but it is even more terse: HPE has released no blog post or other explanation, only the public SEC filing. The HPE Newsroom and its other channels have remained silent so far. The statements given to TechCrunch and BleepingComputer merely restate what was already confirmed to the SEC.
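To make the difference between a spray and a brute-force attempt concrete, here is an added detection example written for this article (it is not code from HPE, Microsoft or either company’s filings). It runs over constructed sign-in events; the JSON field names (`ts`, `user`, `ip`, `result`) are an assumption loosely modelled on cloud sign-in logs, and the thresholds are illustrative. A source that fails against many distinct accounts with only one or two tries each inside a short window has the spray shape; a source that fails many times against one account has the brute-force shape.

```python
"""Password-spray vs brute-force classifier over constructed sign-in events."""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample events in JSON-lines form. Field names are an assumption;
# none of this is real HPE or Microsoft data. 203.0.113.7 sprays five accounts
# once each and then lands on a stale service account; 198.51.100.9 hammers a
# single account; 192.0.2.44 is a user mistyping a password once.
SAMPLE_LOG = """\
{"ts": "2024-01-10T02:00:01Z", "user": "alice@corp.example", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-01-10T02:00:04Z", "user": "bob@corp.example", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-01-10T02:00:07Z", "user": "carol@corp.example", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-01-10T02:00:10Z", "user": "dave@corp.example", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-01-10T02:00:13Z", "user": "erin@corp.example", "ip": "203.0.113.7", "result": "failure"}
{"ts": "2024-01-10T02:00:16Z", "user": "svc-legacy-test@corp.example", "ip": "203.0.113.7", "result": "success"}
{"ts": "2024-01-10T02:01:00Z", "user": "frank@corp.example", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-01-10T02:01:02Z", "user": "frank@corp.example", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-01-10T02:01:04Z", "user": "frank@corp.example", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-01-10T02:01:06Z", "user": "frank@corp.example", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-01-10T02:01:08Z", "user": "frank@corp.example", "ip": "198.51.100.9", "result": "failure"}
{"ts": "2024-01-10T02:05:00Z", "user": "grace@corp.example", "ip": "192.0.2.44", "result": "failure"}
{"ts": "2024-01-10T02:05:30Z", "user": "grace@corp.example", "ip": "192.0.2.44", "result": "success"}
"""


def parse_events(text):
    """Parse JSON lines into dicts with a datetime timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(event)
    return events


def classify_sources(events, window=timedelta(minutes=10),
                     min_users=5, max_per_user=2, brute_min=5):
    """Label each source IP by the shape of its failed sign-ins inside `window`:
    'spray'       -> at least min_users distinct accounts, each tried at most
                     max_per_user times (few passwords, many accounts)
    'brute_force' -> at least brute_min failures against a single account
    'benign'      -> neither pattern seen
    """
    failures_by_ip = defaultdict(list)
    for event in events:
        if event["result"] == "failure":
            failures_by_ip[event["ip"]].append(event)

    labels = {}
    for ip, fails in failures_by_ip.items():
        fails.sort(key=lambda e: e["ts"])
        label = "benign"
        # Slide a window starting at each failure so bursts are caught
        # regardless of where they fall in the log.
        for i, start in enumerate(fails):
            in_window = [e for e in fails[i:] if e["ts"] - start["ts"] <= window]
            per_user = Counter(e["user"] for e in in_window)
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                label = "spray"
                break
            if max(per_user.values()) >= brute_min:
                label = "brute_force"
                break
        labels[ip] = label
    return labels


def spray_successes(events, labels):
    """For every IP labelled 'spray', list accounts that signed in successfully
    from that IP: the accounts that actually fell to the spray."""
    hits = {}
    for ip, label in labels.items():
        if label == "spray":
            hits[ip] = sorted({e["user"] for e in events
                               if e["ip"] == ip and e["result"] == "success"})
    return hits


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    verdicts = classify_sources(evs)
    print(verdicts)
    print(spray_successes(evs, verdicts))
```

Grouping by source IP is only a starting point: a careful actor spreads a spray across many IPs and over a long period, so the same logic is usually re-run grouped by ASN, user agent or authentication protocol, and across hours rather than minutes. The durable fix is to require MFA (or block legacy authentication outright) and to retire test and service accounts that nobody owns, since a single stale account with mailbox permissions is exactly the foothold both incidents describe.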