jim (Keymaster)
Tech Giant HP Exploited by Russian Hackers Linked to Microsoft Breach.
HP, one of the world’s leading PC and printer makers, has disclosed that its cloud-based email system was hacked by Midnight Blizzard, a Russian hacking group that also breached Microsoft’s corporate network last week. The company said in a regulatory filing that it was notified of the intrusion on December 12, and that it believes the hackers accessed and exfiltrated data from some of its employees’ mailboxes.
Midnight Blizzard, also known as APT29 or Cozy Bear, is a notorious hacking group that is widely believed to be sponsored by the Russian government. It has been linked to a number of high-profile attacks, including the infamous SolarWinds attack in 2020 and the 2016 breach of the Democratic National Committee. The group focuses on stealthy intelligence-gathering on Western governments, IT service providers, and think tanks.
According to HP, the hackers breached its cloud-based email environment, which runs on Microsoft software, and stole data from a “small percentage” of mailboxes belonging to individuals in its cybersecurity, go-to-market, business segments, and other functions. The company said the accessed data is limited to information contained in the users’ mailboxes, and that it is still investigating the total scope and impact of the incident.
HP said the breach is likely related to an earlier attack by Midnight Blizzard that involved unauthorized access to and exfiltration of a limited number of SharePoint files from its network in May 2023, of which it was notified in June 2023. SharePoint is part of Microsoft’s 365 suite, which includes email, word-processing and spreadsheet apps.
The disclosure by HP comes just days after Microsoft revealed that Midnight Blizzard hackers had breached some of its corporate email accounts, including those of the company’s senior leadership team and employees in its cybersecurity, legal, and other functions. Microsoft said the hackers used a credential stuffing attack, where a bad actor tries the same password on multiple accounts, on a legacy account to access targeted email accounts containing information related to Midnight Blizzard itself.
It is not clear whether the HP and Microsoft breaches are linked, or how the hackers obtained the passwords for the credential stuffing attack. HP said it does not have the details of the incident that Microsoft disclosed, and that it is unable to link the two at this time. Microsoft said it is working with law enforcement and other partners to investigate and respond to the incident.
Both HP and Microsoft said they have taken steps to secure their networks and systems, and to notify and assist the affected customers and employees. They also said they do not expect the incidents to have a material impact on their businesses or financial results.
HP and Microsoft are among the latest victims of Midnight Blizzard, which has been ramping up its cyberattacks in recent months. The group has also targeted other tech companies, such as Dell and Hewlett Packard Enterprise, as well as government agencies, such as the U.S. Department of Justice and the U.S. Department of Commerce.
Midnight Blizzard is considered one of the most sophisticated and persistent cyberthreat actors in the world and has been operating for at least a decade. The group is known for using custom malware, zero-day exploits, and supply chain compromises to infiltrate its targets and evade detection. The group’s motives and objectives are not fully understood, but experts believe they are aligned with the interests and goals of the Russian government.
January 25, 2024 at 3:41 PM