HPE Shivers as Midnight Blizzard Hackers Snatch Employee Data: No Chilly Outlook for Operations

In a frosty twist, HPE’s inbox becomes a snow globe, shaken by Midnight Blizzard’s chilly fingers. No avalanche yet, but HPE’s got its mittens on, just in case. 🌨️❄️ #MidnightBlizzardHack

Hot Take:

Looks like HPE’s got a case of the Midnight Blues, or should I say, ‘Blizzard’. Russian hackers decided to do a little inbox ice fishing and reeled in a “small percentage” of HPE’s cloud-based email catch. But don’t worry, HPE’s not too frostbitten by the ordeal – they say it’s no cold front for their operations. Meanwhile, Microsoft’s scratching its head, wondering how it also became part of the Russian winter wonderland. Bundle up, folks, it’s chilly in cyberspace!

Key Points:

  • Midnight Blizzard, AKA Cozy Bear, AKA Nobelium, has been rummaging through HPE’s emails like a bear in a digital dumpster since May 2023.
  • HPE’s damage report claims it’s more of a snow flurry than a blizzard – no significant operational impact.
  • The snooping spree was part of a buffet, with SharePoint files for starters and Microsoft 365 emails for the main course.
  • The attack didn’t put HPE on thin ice financially or operationally, according to their SEC 8-K relaxation mantra.
  • The cyber cops have been dialed, and HPE is thumbing through its rolodex of regulatory notification obligations.

Need to know more?

When HPE Met Cozy Bear

Sure, a bear hug might sound nice, but not when it's from a Russian state-sponsored bear with a taste for sensitive emails. HPE found themselves in a bear embrace late last year, and it's only now that they've decided to tell us all about their cuddly crisis in their latest SEC 8-K filing. It's like a belated Christmas card nobody wanted.

Midnight Blizzard's Cloudy Days

Imagine finding out that someone's been secretly reading your diary since May. Well, that's HPE's reality, except replace 'diary' with 'cloud-based email inboxes,' and the sneaky reader is Midnight Blizzard. They've been having a field day with HPE's Microsoft 365 suite, which is like finding out Santa actually left coal in your cloud.

The Non-Impact Impact Statement

HPE wants everyone to know they're cool as a cucumber, even though their emails have been making the rounds in Russia. They're adamant that this cyber snowball fight hasn't knocked anything over of value. So, it's business as usual, just maybe double-check those "confidential" email tags in the future, eh?

SharePoint Shenanigans

Before they hit the emails, Midnight Blizzard was playing in HPE's SharePoint sandbox, constructing data castles and moats. The June attack was just a warm-up, a little stretching before the main event. Who needs a gym membership when you can get your exercise sneaking through corporate file systems?

Microsoft's Red Face

What's a party without friends? Nobelium decided to crash Microsoft's place too, around the same time, because why hack one when you can hack two for double the fun? Microsoft's higher-ups, cybersecurity brainiacs, and legal eagles all got their emails peeked at. Talk about an unwelcome plus-one.

Wrap Up in the Cybersecurity Blanket

As the digital snow settles, HPE's doing the rounds with the regulatory bodies, and the cyber police are on the beat. TechRadar Pro offers a cozy newsletter for all those looking to stay warm with the latest news, opinions, and cyber tips. And let's not forget Sead, the Bosnian scribe, who's been charting these icy waters for over a decade. His pen's mightier than the cyber sword, and his IT and cybersecurity tales are sure to add some heat to the narrative.

Tags: data protection regulations, , HPE data breach, Microsoft 365 security, Midnight Blizzard, Nobelium hacker group, state-sponsored hacking