
Intelligence Digest

Midnight Blizzard Rattles Microsoft and HPE in Hacking Fiasco – Skyhigh Security Intelligence Digest

February 26, 2024

By Rodman Ramezanian - Global Cloud Threat Lead, Skyhigh Security

Recently, reports of Microsoft and Hewlett Packard Enterprise (HPE) being breached via their cloud-based email infrastructures have taken the cybersecurity industry by storm.

In 2020, SolarWinds experienced several security breaches. The same actors, now more commonly referred to as Midnight Blizzard (aka Cozy Bear, Nobelium, APT29), appear to be at it again.

Despite the close timing of the disclosures of security breaches at HPE and Microsoft, the prevailing emphasis is on Midnight Blizzard’s persistent international espionage activities. Reports strongly associate this threat group with the Russian Foreign Intelligence Service (SVR), highlighting its ongoing commitment to exploiting vulnerabilities in the digital footprints and assets of various organizations.

Both incidents exhibited a common thread, as the Midnight Blizzard operators managed to infiltrate the cloud-based email environments of HPE and Microsoft. This was achieved through targeted attacks on individual employees’ mailboxes and password spray attacks, indicating a consistent approach employed by the threat group.

What actions are possible? Find out how Skyhigh Security can help defend against attacks like these in our most recent Intelligence Digest.
