Microsoft Experiences Cybersecurity Breach

Years after the SolarWinds attack, Microsoft recently experienced another cyberattack by the same Russian state-sponsored group of hackers known as Nobelium. The group accessed several senior leadership accounts beginning in late November 2023, just after Microsoft had announced plans to overhaul its software security following other cyberattacks.

“Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very small percentage of Microsoft corporate email accounts, including members of our senior leadership team and employees in our cybersecurity, legal, and other functions, and exfiltrated some emails and attached documents,” the Microsoft Security Response Center wrote in a blog post filed late on Friday. 

According to the tech giant, the hackers were “initially targeting email accounts” for information about themselves, but Microsoft isn’t sure what other emails and documents were also stolen. The company insists the attack was “not the result of a vulnerability in Microsoft products or services.” 

This is the latest in a string of cyberattack issues Microsoft has experienced over the past five years. The company was the center of the first SolarWinds attack three years ago before 30,000 organizations’ email servers were hacked in 2021. The breach was due to a Microsoft Exchange Server flaw, which resulted in Chinese hackers accessing US government emails. Microsoft is now changing its design, testing, operations, software, and services. 

Data security should be a top priority for any business, and many are unaware that IT assets are most vulnerable during disposition. Data remains on devices until properly sanitized, and when IT assets are disposed of improperly, they become susceptible to data theft.

IT asset disposition enterprises like HOBI partner with companies looking to dispose of retired IT assets responsibly. Whether it’s time for an upgrade or the devices are simply not working correctly, ITAD providers take the problem off of businesses’ hands and ensure they are properly disposed of in an environmentally friendly manner. 

ITAD providers offer a myriad of IT-managed services, including data security. HOBI uses an internally developed data erasure tool, the HOBI Shield, that completely wipes data from a device. Any devices that cannot be thoroughly wiped are destroyed via shredding technology as an extra security step. 

For more information about our ITAD services, call 817-814-2620 or contact HOBI at sales@hobi.com.