Hewlett Packard Enterprise has informed over a dozen of its employees that their data — including Social Security numbers, credit card numbers, and driver's license details — had been exfiltrated from its Office 365 environment following an attack by Russian state-sponsored threat group Midnight Blizzard, also known as APT29 and Cozy Bear, nearly two years ago, TechCrunch reports.
Infiltration of internal HPE email boxes within the Office 365 environment through a compromised account in May 2023 enabled Midnight Blizzard hackers to access mailbox data from its workers in the cybersecurity, business, and go-to-market teams, according to HPE, which did not specify the impact of the incident but emphasized that only a limited number of employees and customers were affected. Such a development comes more than a year after Microsoft disclosed having had its network breached by Midnight Blizzard, which then sought to compromise the emails of the firm's executives and cybersecurity leaders.
