HPE Data Breach: Russian Office 3 Alerts

So, Hewlett Packard Enterprise (HPE) just announced they’ve had a pretty big data breach. It hit their Office 365 email environment, which is a big deal. And guess who’s behind it? None other than Midnight Blizzard, that notorious Russian state-sponsored hacking group you might also know as Cozy Bear or APT29.

The breach, which began in May 2023, was confirmed by HPE in December 2023 and has since been contained.

Details of the Breach

The attack targeted several email accounts within HPE’s cybersecurity, marketing, and business teams. Using a compromised account, the hackers gained unauthorized access to email mailboxes and exfiltrated sensitive data.

Information stolen includes Social Security numbers, driver’s license details, and credit card numbers belonging to employees. Additionally, some files from HPE’s SharePoint server were accessed during the same timeframe.

HPE’s forensic investigation revealed that the breach was part of a larger campaign by Midnight Blizzard, a group linked to Russia’s Foreign Intelligence Service (SVR).

This group has been implicated in other high-profile cyberattacks, including the SolarWinds espionage campaign and a recent breach of Microsoft’s corporate network.

Response and Notifications

HPE began notifying affected individuals on January 29, 2025. Impacted employees were offered complimentary credit monitoring and identity theft protection services.

The company also implemented enhanced security measures, such as rotating passwords and tokens, increasing monitoring capabilities, and strengthening access controls for privileged accounts

In its communications with regulators and employees, HPE emphasized its commitment to safeguarding personal information and mitigating risks associated with the breach.

The incident highlights ongoing vulnerabilities in cloud-based systems like Microsoft Office 365. Experts have pointed out that such breaches often exploit weak authentication practices or unprotected legacy accounts.

The attack underscores the need for robust cybersecurity measures, including multi-factor authentication (MFA) and tighter endpoint controls.

Midnight Blizzard’s activities appear to be part of a broader espionage effort targeting governments, corporations, and IT service providers worldwide. The group is known for leveraging sophisticated techniques such as password spraying and abusing OAuth applications to maintain persistent access.

This is not the first time HPE has faced cyberattacks. In past years, the company dealt with breaches involving Chinese threat actors and vulnerabilities in its Aruba Central network monitoring platform.

The latest attack adds to growing concerns about state-sponsored cyber espionage targeting critical technology firms. As investigations continue,

HPE has assured stakeholders that it will take all necessary steps to address the incident and prevent future breaches. However, this event serves as a stark reminder of the escalating cyber threats faced by enterprises globally.