Russian hackers breached Microsoft, HPE corporate mailboxes
Cozy Bear has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise have recently disclosed successful attack campaigns by the Russia-affiliated APT group.
Last Friday, Microsoft revealed that a threat actor identified as Midnight Blizzard - a hacking group believed to be associated with the Russian Foreign Intelligence Service - breached its corporate systems on January 12, 2024.
The company revealed that the attack started in late November 2023 and that the hackers used a password spray attack to compromise a legacy non-production test tenant account.
By leveraging the account's permissions, they accessed a "very small" percentage of corporate email accounts belonging to senior leadership team members and employees from the cybersecurity and legal departments, and managed to steal some emails and attached documents.
"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," Microsoft said, and reassured that the attack was not related to a vulnerability in their products or services.
"Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions," HPE noted.
News URL
https://www.helpnetsecurity.com/2024/01/25/cozy-bear-microsoft-hpe/