HP, Many More Companies May Have Been Breached By Russian Intelligence Group

'Security experts expect many more companies to disclose that they've been hacked by Russian intelligence agents who stole emails from executives,' reports the Washington Post, 'following disclosures by Microsoft and Hewlett-Packard Enterprise in the past week.'

Microsoft said late Thursday that it had found more victims and was in the process of notifying them. A spokesperson declined to say how many. But three experts in and out of government said that the attack was deeper and broader than the disclosures to date reveal. Two said that more than 10 companies, and perhaps far more, are expected to come forward...

The Securities and Exchange Commission last year strengthened the rules that require companies to notify their stockholders of computer intrusions that could have a material impact on company results. That helped spur the recent disclosures.
A spokesperson for America's Department of Homeland Security said 'at this time we are not aware of impacts to Microsoft customer environments or products,' according to the article. (Although the Washington Post adds that 'The Microsoft and HPE breaches are especially concerning because so many other companies and agencies rely on them for cloud services, including email.')

The attackers were potentially spying on Microsoft's senior leadership team 'for weeks or months,' reports the Verge, citing a newly-published analysis by Microsoft:
Crucially, the non-production test tenant account that was breached didn't have two-factor authentication enabled. [A cyber-breaching group named Nobelium from Russia's foreign intelligence service] 'tailored their password spray attacks to a limited number of accounts, using a low number of attempts to evade detection,' says Microsoft. From this attack, the group 'leveraged their initial access to identify and compromise a legacy test OAuth application that had elevated access to the Microsoft corporate environment....' This elevated access allowed the group to create more malicious OAuth applications and create accounts to access Microsoft's corporate environment and eventually its Office 365 Exchange Online service that provides access to email inboxes...

Hewlett Packard Enterprise (HPE) revealed earlier this week that the same group of hackers had previously gained access to its 'cloud-based email environment.' HPE didn't name the provider, but the company did reveal the incident was 'likely related' to the 'exfiltration of a limited number of [Microsoft] SharePoint files as early as May 2023.'

Read more of this story at Slashdot.