Bizarre and rather dramatically-named hacker organizations are at it again. A Russian hacker group, dubbed Midnight Blizzard (or Cozy Bear), breached HPE and stole the personal data of several employees at the company.
Initial breach in 2023 recently flagged for potential information risk
HPE actually discovered the breach on December 12, 2023, when it found that Midnight Blizzard had broken into its Office 365 email system. Upon further investigation, the company realized the hackers had had access to sensitive emails and data since May 2023, targeting the mailboxes of employees in cybersecurity, sales, various business units, and other departments. HPE went public about the Midnight Blizzard hack in January 2024, officially filing paperwork with the Securities and Exchange Commission (SEC).
The hackers got their hands (or paws, rather) on extremely sensitive information, including Social Security numbers, credit cards, and driver’s licenses.
Now, the incident is back in the headlines. HPE sent an official notice to New Hampshire’s attorney general last month, indicating that several individuals’ personal information might have been exposed in the attack. The company has stressed that they have the situation under control and have fixed the security issues.
“HPE’s forensic investigation determined that certain individuals’ personal information may have been subject to unauthorized access,” the notice said. “With the assistance of e-discovery specialists, HPE conducted a thorough review of the data at issue to identify the types of information that may have been subject to unauthorized access and determine to whom this information relates.”
HPE wasn’t the only victim – Microsoft also got hit by the group around the same time. In January 2024, Microsoft came out with a statement that Midnight Blizzard had accessed a small number of its corporate email accounts. Investigations showed that the hackers got in through an old test account that wasn’t adequately secured with two-factor authentication, a common oversight, using a technique called password spraying to break their way in.
As attacks worsen, all companies need to get the basics down
This incident throws into rather sharp relief a troubling pattern of increasingly sophisticated hackers targeting major tech companies through alarmingly basic security oversights. HPE and Microsoft fell victim to Midnight Blizzard despite their size and stack of resources, highlighting how even minor vulnerabilities can lead to massive data exposure.
As these attacks inevitably become more frequent and harmful, this incident serves as a necessary reminder that security measures, not least multi-factor authentication and regular security audits, aren’t just best practices – they’re essential defenses against increasingly bold state-sponsored cyber threats.