Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
Researchers uncovered a massive automated password spray campaign against Microsoft Azure CLI that used the deprecated ROPC flow to bypass Conditional Access policies and compromise 78 Microsoft accounts across 64 organizations. The attacks exploited reused breached credentials and highlighted misconfigured MFA coverage, especially for Azure CLI logins. #Microsoft #AzureCLI #ROPC #LSHIYLLC #Huntress

Keypoints

  • A massive password spray campaign targeted Microsoft Azure CLI logins.
  • The attackers used the deprecated ROPC flow to bypass Conditional Access policies.
  • More than 81 million login attempts led to 78 compromised Microsoft accounts.
  • The activity mainly came from IPv6 range 2a0a:d683::/32 controlled by LSHIY LLC.
  • Huntress advised enforcing MFA for all users, cloud apps, and client apps.

Read More: https://thehackernews.com/2026/07/azure-cli-password-spray-hits-at-least.html