Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft Security

HP, Many More Companies May Have Been Breached By Russian Intelligence Group (msn.com) 27

"Security experts expect many more companies to disclose that they've been hacked by Russian intelligence agents who stole emails from executives," reports the Washington Post, "following disclosures by Microsoft and Hewlett-Packard Enterprise in the past week." Microsoft said late Thursday that it had found more victims and was in the process of notifying them. A spokesperson declined to say how many. But three experts in and out of government said that the attack was deeper and broader than the disclosures to date reveal. Two said that more than 10 companies, and perhaps far more, are expected to come forward...

The Securities and Exchange Commission last year strengthened the rules that require companies to notify their stockholders of computer intrusions that could have a material impact on company results. That helped spur the recent disclosures.

A spokesperson for America's Department of Homeland Security said "at this time we are not aware of impacts to Microsoft customer environments or products," according to the article. (Although the Washington Post adds that "The Microsoft and HPE breaches are especially concerning because so many other companies and agencies rely on them for cloud services, including email.")

The attackers were potentially spying on Microsoft's senior leadership team "for weeks or months," reports the Verge, citing a newly-published analysis by Microsoft: Crucially, the non-production test tenant account that was breached didn't have two-factor authentication enabled. [A cyber-breaching group named Nobelium from Russia's foreign intelligence service] "tailored their password spray attacks to a limited number of accounts, using a low number of attempts to evade detection," says Microsoft. From this attack, the group "leveraged their initial access to identify and compromise a legacy test OAuth application that had elevated access to the Microsoft corporate environment...." This elevated access allowed the group to create more malicious OAuth applications and create accounts to access Microsoft's corporate environment and eventually its Office 365 Exchange Online service that provides access to email inboxes...

Hewlett Packard Enterprise (HPE) revealed earlier this week that the same group of hackers had previously gained access to its "cloud-based email environment." HPE didn't name the provider, but the company did reveal the incident was "likely related" to the "exfiltration of a limited number of [Microsoft] SharePoint files as early as May 2023."

This discussion has been archived. No new comments can be posted.

HP, Many More Companies May Have Been Breached By Russian Intelligence Group

Comments Filter:
  • by Eunomion ( 8640039 ) on Saturday January 27, 2024 @10:50AM (#64192306)
    When will the world finally get sick of the cancerous tumor that is fascist Russia? They've been stinking up the joint since at least 2014.
    • by Baron_Yam ( 643147 ) on Saturday January 27, 2024 @11:15AM (#64192378)

      It's a difficult conversation because with the exception of you know... invading Ukraine... they're doing what every other nation that can does; rattle sabres and imply consequences if you don't give them what they want. Even on the 'invading neighbours' stuff you have the US taking questionable action with Iraq and Afghanistan.

      However, I think it is rather obvious that there is a huge qualitative difference - as a Canadian I'd rather border the US than Russia. It's not even a contest. I'm nervous about the US going fascist under Trump, but even that would be better than having Putin next door.

      Attempting to welcome Russia into the world community after the fall of the Soviet Union has obviously failed. They grabbed the olive branches and started whipping everyone with them. Failed culture, and we ought to isolate them unless and until they manage to develop into one you can get along with.

      • by haruchai ( 17472 )

        "Failed culture, and we ought to isolate them unless and until they manage to develop into one you can get along with"
        I'm mostly in agreement but they're aligning with China & thanks to our rampant stupidity helping them become an economic powerhouse, keeping Russia isolated won't be easy. Not to mention if India joins that potential coalition

        • China will eat Russia alive; China is not looking to support Russia but to exploit it as it fails.

          India... I can't tell if they're going to move left or right in the long run. Things have been generally improving there for a long time, but with climate change about to stress them it wouldn't surprise me if they swung hard right. But there's a lot of tension between India and China and I suspect Indians know the Chinese won't treat them as equals. And they can't go to Russia for much if China's eating it

      • To the point you are making: the US annexed part of Canada / international borders recently: https://www.state.gov/announce... [state.gov]

        • To be fair - there actually is ambiguity in how measurements are made to decide who should control the territory, and the US is sort of working under a treaty it hasn't even signed to work it out with us. That's under the current US government. I'd expect a rapid change under a Republican administration.

          The bits about exploration and marine life are all bullshit, of course, it's the estimated 10 billion barrels of oil they (and probably we) want.

  • I keep forgetting HP exists...the once glorious name in computing...for the young folks, when I was starting out, an HP computer was a status symbol we dreamed we could afford. My comp sci friends and I would envy the rich and middle-class kids whose parents could afford to give their kids an HP. They were the Apple of serious work. You paid more and you got more. When I was 18, I dreamed of the day I wouldn't have to buy Packard Bell (for monitors, peripherals, and laptops...I built my own desktops fr
    • I have an HP laptop. No clue who actually made it. It was $300 at Target. About two months in the escape key failed and I sent it back for warranty repair. I got it back two months later, it was fixed at least. I'm actually super happy with it other than that snafu, and the fact that the video driver was crashing when I booted it into the preinstalled Windows. It runs Devuan pretty well, except that the Linux driver for the wlan freezes every few days. That is, admittedly, very sad. Maybe someday I'll bothe

    • It's fragmented already and makes Dell look excellent.

      Another target the hackers have attacked is Tietoevry, looks like they still have work to clean up their operation for the next two weeks.

    • I don't know about glory, but they are still pulling in more than $50 billion a year in revenue. Seems a little premature to call them "dead."

      https://www.statista.com/stati... [statista.com].

  • Russian Intelligence is oxymoronic. They do not have any intelligence. Granted, neither do American executives, so I guess it's a wash.

  • "Microsoft customer environments or products" What is the risk of using Microsoft products in your Information Systems?
  • I know this is hard, but they are different companies

  • Who's going to be first to suggest that we should sue the victims?

  • In Soviet Russia, email reads *you!*
  • I think we now know who used hacked HP ink!
    https://www.wired.com/story/hp... [wired.com]

  • Perhaps they could fleece another country's consumers.
  • ...are nothing but a KGB covered operation ?!?
  • Microsoft is Russia's most useful friend.

Software production is assumed to be a line function, but it is run like a staff function. -- Paul Licker

Working...