Security News > 2024 > January > Russian hackers breached Microsoft, HPE corporate maliboxes
Cozy Bear has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise have recently disclosed successful attack campaigns by the Russia-affiliated APT group.
Last Friday, Microsoft revealed that a threat-actor identified as Midnight Blizzard - a hacking group believed to be associated with the Russian Foreign Intelligence Service - has breached their corporate systems on January 12, 2024.
The company revealed that the attack started in late November 2023 and that the hackers used a password spray attack to compromise a legacy non-production test tenant account.
By leveraging the account's permissions, they accessed a "Very small" percentage of corporate email accounts belonging to senior leadership team members and employees from the cybersecurity an legal departments, and managed to steal some emails and attached documents.
"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," Microsoft said, and reassured that the attack was not related to a vulnerability in their products or services.
"Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions," the company noted.
News URL
https://www.helpnetsecurity.com/2024/01/25/cozy-bear-microsoft-hpe/
Related news
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)
- Microsoft to shut down 50 cloud services for Russian businesses (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- U.S. Cyber Safety Board Slams Microsoft Over Breach by China-Based Hackers (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Microsoft breach allowed Russian spies to steal emails from US government (source)
- Russian Sandworm hackers pose as hacktivists in water utility breaches (source)