Russian hackers who tricked Microsoft’s leadership are now wreaking havoc at HPE. The attackers had access to email accounts and SharePoint files.

Microsoft does not appear to be the only victim of the Russian hacker group Midnight Blizzard. A document has been leaked showing that HPE also received uninvited visitors. In the case of HPE, the facts are older: the company noticed something was wrong in December, but after an investigation it turned out that the attackers had been snooping around since May 2023.

Just like at Microsoft, the intruders had access to the email traffic of several employee mailboxes, although it is still unclear how many email accounts were involved. A “limited number” of SharePoint files were also allegedly stolen, although it is not known what they contained. The investigation into the extent of the attack is ongoing, an HPE spokesperson told TechCrunch.

The attackers entered HPE’s IT environment via a compromised Microsoft 365 account. They used the so-called Password spray attack. They tried a series of regular passwords for outdated accounts and then used them for current email accounts.

Formal face

Midnight Blizzard is a well-known name in the hacker community. In a previous life they were known as Nobelium. There is strong suspicion that the hackers are sponsored by the Russian state. Their track record also includes the SolarWinds hack, one of the most infamous hacker attacks to date.