Become Cybersafe – 1st February

Welcome to the latest edition of the Cybersafe Cyber Threats Update, a weekly series in which we bring attention to the latest cyber attacks, scams, frauds, and malware including Ransomware, to ensure you stay safe online.

Here are the most prominent threats which you should be aware of:

Russian hackers breached Hewlett Packard security team’s email accounts

Hewlett Packard Enterprise (HPE) has publicly disclosed a security breach where suspected Russian hackers, identified as Midnight Blizzard (also known as Cozy Bear, APT29, and Nobelium), gained unauthorised access to the company’s Microsoft Office 365 email environment. The breach, detected on December 12, 2023, reportedly occurred in May of the same year, with the threat actors targeting specific HPE mailboxes belonging to individuals in cybersecurity, go-to-market, business segments, and other functions.

The disclosure, made through a Form 8-K SEC filing, outlines HPE’s understanding of the incident based on their ongoing investigation. According to the filing, the threat actor accessed and exfiltrated data from a limited percentage of HPE mailboxes. The breach is suspected to be related to a previous incident in May 2023 when attackers gained access to the company’s SharePoint server, resulting in the theft of files.

HPE is working with external cyber security experts and law enforcement agencies to investigate and respond further to the breach. In a statement to BleepingComputer, the company emphasised its commitment to providing appropriate notifications and ensuring transparency in compliance with regulatory disclosure guidelines. Despite the breach, HPE asserts that there has been no operational impact on its business, and as of the current assessment, there is no indication of a material financial impact.

Interestingly, Microsoft recently reported a security breach involving Midnight Blizzard, indicating a broader campaign by this Russian state-sponsored hacking group. In Microsoft’s case, the breach was attributed to a misconfigured test tenant account, allowing threat actors to brute force the account’s password and gain access to corporate email accounts, including those of the senior leadership team and employees in cybersecurity and legal departments.

It’s worth noting that HPE was previously targeted in 2018 when Chinese hackers breached its network and that of IBM, subsequently exploiting the access to compromise customer devices. In 2021, HPE disclosed another cyber security incident where data repositories for its Aruba Central network monitoring platform were compromised, leading to unauthorised access to information about monitored devices and their locations.

As the investigation into the recent breach continues, HPE remains vigilant, underscoring the evolving and persistent nature of cyber threats faced by large enterprises and the importance of robust cyber security measures in safeguarding sensitive information.

26 Billion Records Leaked in a Historic Data Breach

Security researchers have uncovered an open instance containing over 26 billion data records, in a data breach dubbed the ‘Mother of All Breaches’ (MOAB). The breach is notable for its extensive scale and the sensitivity of the exposed data, most of which is sourced from previous breaches.

The compromised information includes records from diverse organisations, and the dataset involves 3,876 domain names. Despite the likelihood of duplicate records, the sheer volume of potentially unique records raises concerns about the impact on individuals.

The breach has raised awareness about the persistent use of old credentials, as even outdated information remains valuable for cybercriminals. Specific organisations, primarily third-party entities like IT service providers and software companies, appear to be frequent targets, likely due to their attractiveness to cyber criminals.

The compromised data, reported to include sensitive information, poses significant risks such as identity theft, financial fraud, and reputational damage. The breach emphasises the need for organisations to adopt a proactive security mindset, implementing measures such as encrypting databases and Multifactor Authentication (MFA).

Security experts recommend that organisations enforce MFA, discourage password reuse, promote strong passwords or passphrases, and provide staff with awareness training. Additional measures include considering cyber security standards like Cyber Essentials or ISO 27001 and conducting penetration testing to identify and address specific risks.

Microsoft have stated that Russian hackers are targeting other companies

Microsoft has warned that Russian hackers, identified as the Midnight Blizzard group (aka Nobelium), responsible for the recent cyber attack on Microsoft’s systems, are also targeting other organisations. The tech giant has initiated notifications to the affected entities.

The hackers used a password spraying attack against a legacy system that lacked multi-factor authentication, raising concerns over sensitive data. Microsoft revealed that the hackers focused on a limited number of accounts to evade detection and used a distributed residential proxy infrastructure to obfuscate their activities.

The attackers gained access to a small percentage of Microsoft corporate email accounts and appeared most interested in the information Microsoft held about the group itself. Hewlett Packard Enterprise (HPE) also reported a breach by Midnight Blizzard in its Microsoft-hosted email system, with similarities to the Microsoft incident in both the attackers and the dates. However, a direct link has not been confirmed.

HPE disclosed that data was accessed and exfiltrated from a small percentage of mailboxes starting from May 2023, and it is investigating the incident, which is linked to a prior intrusion involving SharePoint files.
