Hewlett Packard E-Mails Exfiltrated by Midnight Blizzard

Hewlett Packard Enterprise's e-mail was tapped by a threat actor called "Midnight Blizzard" for several months last year, per its latest Form 8-K SEC filing.  

The company was notified about the incident on Dec. 12, 2023, but has since estimated that the attackers "accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions."

Hewlett Packard Enterprise officials are still investigating the attack, but they think it was associated with an earlier incident "involving unauthorized access to and exfiltration of a limited number of SharePoint files as early as May 2023." The company was notified about that particular attack in "June 2023."

The SEC filing was noted by malware collector vx-underground in this exTwitter post.

The 2023 attacks, now getting reported in a rather obscure Jan. 24, 2024 Form 8-K SEC filing, were not considered to have had a "material impact on the Company's operations" or "financial condition," Hewlett Packard Enterprise noted. The company had "immediately investigated with the assistance of external cybersecurity experts and took containment and remediation measures intended to eradicate the activity."

Midnight Blizzard is the name for an espionage group said to be affiliated with Russia, although the 8-K SEC filing didn't make such a claim. Microsoft last week reported it had been hit by Midnight Blizzard, where its corporate e-mails got tapped, ostensibly to determine Microsoft's knowledge about the group, per Microsoft's description.

Midnight Blizzard was previously sometimes called "Nobelium." It became notorious for tapping U.S. government e-mails in 2021 using various methods. It compromised SolarWinds' Orion management software and leveraged misconfigurations in Microsoft's Active Directory Federation Services, along with password spray attacks to gain footholds, among other methods.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Image of a futuristic maze

    The 2024 Microsoft Product Roadmap

    Everything Microsoft partners and IT pros need to know about major Microsoft product milestones this year.

  • Microsoft Sets September Launch for Purview Data Governance

    Microsoft's AI-powered Purview solution to address governance and security challenges is set to become generally available on Sept. 1.

  • An image of planes flying around a globe

    2024 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • End of the Road for Kaspersky in the United States

    Kaspersky on Monday said it is shuttering its U.S. operations, just days before a nationwide ban on sales of its security software was set to take effect.