Security News > 2024 > January > Russian hackers breached Microsoft, HPE corporate maliboxes

Cozy Bear has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise have recently disclosed successful attack campaigns by the Russia-affiliated APT group.
Last Friday, Microsoft revealed that a threat-actor identified as Midnight Blizzard - a hacking group believed to be associated with the Russian Foreign Intelligence Service - has breached their corporate systems on January 12, 2024.
The company revealed that the attack started in late November 2023 and that the hackers used a password spray attack to compromise a legacy non-production test tenant account.
By leveraging the account's permissions, they accessed a "Very small" percentage of corporate email accounts belonging to senior leadership team members and employees from the cybersecurity an legal departments, and managed to steal some emails and attached documents.
"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," Microsoft said, and reassured that the attack was not related to a vulnerability in their products or services.
"Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions," the company noted.
News URL
https://www.helpnetsecurity.com/2024/01/25/cozy-bear-microsoft-hpe/
Related news
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Chinese hackers target Russian govt with upgraded RAT malware (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts (source)