HPE Got Pwned By The Same Group That Pwned Microsoft
At this time last week, I was writing about Microsoft getting pwned by Midnight Blizzard, who are also known as Cozy Bear. Well, HPE has joined the list of companies that were pwned by this group. Here are the details:
A Russia-based threat actor known as “Cozy Bear” or “Midnight Blizzard” has breached some of HPE’s corporate mailboxes, the company revealed on Thursday in a Securities and Exchange Commission (SEC) filing.
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,” HPE said in the SEC filing.
HPE said that after being notified in June 2023 of unauthorized access to SharePoint files dating back to May 2023 by a known threat actor, it conducted an investigation with external cybersecurity experts and took containment measures.
“We determined that such activity did not materially impact the Company,” it concluded.
Sure it didn’t. But I will come back to that later. Right now I want to serve up commentary from Craig Burland, CISO, Inversion6:
Cozy Bear’s latest incursions are a not-so-subtle reminder of two things: 99% isn’t good enough in cybersecurity and if the high-level APTs want to get in, they will. Of Microsoft’s massive defensible perimeter, they left a single gate relatively unguarded – a user credential protected with just a username and password. The compromise of that account led to a bigger prize for Cozy Bear.
There are a number of sayings in the cyber business about the defenders needing to be right all the time. This example reinforces that notion. But, perfect prevention is not easily gained. The commitment, discipline, and cost to reach and maintain perfect prevention is staggering. Instead, while humbling and troubling, the wiser strategy is to accept that breach is probable and spend equal time considering what you do after the initial breach.
I’ll follow that with commentary from Anurag Gurtu, CPO, StrikeReady:
The recent cyberattack on Microsoft and HPE by the Russian hacker group Cozy Bear highlights a critical challenge in cybersecurity. This incident, involving a sophisticated password spray attack that compromised high-level corporate emails, demonstrates the need for continuous vigilance and advanced security protocols in the tech industry. It underscores the evolving nature of cyber threats and the importance of robust defense mechanisms to protect sensitive information in a digitally interconnected world.
The thing is, a group like this wouldn’t be hacking into HPE or Microsoft to get stuff that wasn’t of material impact. They are a nation-state group of hackers who are aligned with Russia. So there’s likely more to this. And either we don’t know about it, or HPE and Microsoft don’t know about it. I guess we’ll eventually find out.
This entry was posted on January 27, 2024 at 8:10 am and is filed under Commentary with tags HP.