A version of this story appeared in the daily Threat Status newsletter from The Washington Times.
Software giant Microsoft said it discovered that the Russian hackers who breached its executives' emails have also targeted other organizations, revealing that more potential victims were in the cyberattackers' crosshairs than previously understood.
Microsoft spotted the Kremlin-backed Midnight Blizzard hackers in January running a cyber espionage campaign inside the company's own email system, aimed in part at learning what Microsoft knew about the group's operations.
Microsoft said Thursday it learned that Midnight Blizzard, also identified as Nobelium, targeted others too.
“Using the information gained from Microsoft’s investigation into Midnight Blizzard, Microsoft Threat Intelligence has identified that the same actor has been targeting other organizations and, as part of our usual notification processes, we have begun notifying these targeted organizations,” Microsoft said on its blog.
Microsoft said its investigation is ongoing and did not name the other targeted organizations. The company said the hackers are known to target primarily governments, diplomatic entities, nonprofits, and IT service providers, mostly in the U.S. and Europe.
Other likely victims of Midnight Blizzard emerged into public view this week.
In a disclosure to the U.S. Securities and Exchange Commission, Hewlett Packard Enterprise said it suspected the Midnight Blizzard hackers had accessed its cloud-based email environment.
The information technology services provider said it was first notified of the breach on December 12, 2023.
“Based on our investigation, we now believe that the threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments and other functions,” the company said in the disclosure published on Wednesday.
Whether the intrusion HPE disclosed was carried out in conjunction with the Microsoft breach is not clear. Microsoft said last week it detected the hacking activity in January and traced it back to late November 2023. HPE said it was notified of its breach in December and traced the activity back to May 2023.
The Midnight Blizzard hackers are an active group capable of targeting many organizations at once. The group was also responsible for the software supply-chain compromise of SolarWinds' Orion network management software, uncovered in December 2020, in which trojanized Orion updates were pushed to customers; the Biden administration said the compromise gave the hackers the ability to spy on or potentially disrupt more than 16,000 computer systems worldwide.
The U.S. at the time linked the hackers to the Russian Foreign Intelligence Service (SVR).
The breach of SolarWinds was publicly uncovered in 2020 but likely began the previous year, according to the U.S. Government Accountability Office.
More recently, Microsoft said in August 2023 it found the same Russian hacking group sending Microsoft Teams chat messages from previously compromised Microsoft 365 tenants, posing as technical support, to phish credentials and multifactor-authentication approvals from government accounts and other espionage targets.
Some cybersecurity experts believe Midnight Blizzard likely used information gleaned from those previous breaches in the newly discovered cyberattacks.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.