Botnet looks for quiet ways to try stolen logins in Microsoft 365 environments

Summary: A large botnet-driven campaign poses a significant risk to Microsoft 365 environments utilizing Basic Authentication, which Microsoft is phasing out. Attackers leverage a botnet of 130,000 compromised devices to execute password spraying attacks, exploiting non-interactive sign-ins to bypass security measures such as multifactor authentication. Security teams are urged to monitor non-interactive sign-in logs closely and to rotate credentials if suspicious activity is detected.

Affected: Microsoft 365 environments

Key points:

  • Large-scale password spraying attacks target Microsoft 365 configurations using Basic Authentication.
  • Attackers employ a botnet of 130,000 compromised devices to exploit vulnerabilities in non-interactive sign-ins.
  • Security teams should monitor logs for non-interactive sign-ins and rotate compromised credentials.
  • The campaign is suspected to be linked to Chinese-affiliated attackers, although attribution is ongoing.
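
One way to triage exported sign-in records for the pattern described above (an added example, not code from the source article or from Microsoft). It assumes records shaped like the Microsoft Graph signIn resource, reduced to the fields userPrincipalName, ipAddress, clientAppUsed, isInteractive and status.errorCode; the function name, the min_ips threshold and all sample data are hypothetical.

```python
from collections import defaultdict

# Basic Authentication protocols as named in the clientAppUsed field.
LEGACY_CLIENTS = {"Authenticated SMTP", "IMAP4", "POP3",
                  "Exchange ActiveSync", "Other clients"}

def triage_sign_ins(events, min_ips=3):
    """Return (targeted, rotate) sets of user principal names.

    targeted: accounts with failed Basic Auth non-interactive sign-ins
              from at least min_ips distinct source addresses.
    rotate:   accounts with a successful sign-in from an address that
              also failed against some account in the same data set.
    """
    fail_ips_by_user = defaultdict(set)
    failing_ips = set()
    successes = []
    for ev in events:
        # Only non-interactive sign-ins over legacy protocols are in scope.
        if ev.get("isInteractive") or ev.get("clientAppUsed") not in LEGACY_CLIENTS:
            continue
        user = ev["userPrincipalName"].lower()
        ip = ev["ipAddress"]
        if ev["status"]["errorCode"] == 0:      # 0 means the sign-in succeeded
            successes.append((user, ip))
        else:
            fail_ips_by_user[user].add(ip)
            failing_ips.add(ip)
    targeted = {u for u, ips in fail_ips_by_user.items() if len(ips) >= min_ips}
    rotate = {u for u, ip in successes if ip in failing_ips}
    return targeted, rotate

def _ev(user, ip, app, code, interactive=False):
    """Build one constructed record with only the fields used above."""
    return {"userPrincipalName": user, "ipAddress": ip, "clientAppUsed": app,
            "isInteractive": interactive, "status": {"errorCode": code}}

# Constructed sample data (documentation IP ranges, example.com accounts).
SAMPLE = [
    _ev("alice@example.com", "192.0.2.10", "IMAP4", 50126),
    _ev("alice@example.com", "198.51.100.7", "IMAP4", 50126),
    _ev("alice@example.com", "203.0.113.5", "POP3", 50126),
    _ev("bob@example.com", "192.0.2.10", "POP3", 50126),
    _ev("bob@example.com", "198.51.100.7", "Authenticated SMTP", 0),
    _ev("carol@example.com", "192.0.2.10", "Browser", 0, interactive=True),
    _ev("dave@example.com", "203.0.113.5", "Mobile Apps and Desktop clients", 0),
]

if __name__ == "__main__":
    targeted, rotate = triage_sign_ins(SAMPLE)
    print("sprayed accounts:", sorted(targeted))
    print("rotate credentials:", sorted(rotate))
```

Failures are grouped per account across source addresses rather than per address, because a spray spread over many devices leaves only a few attempts from any single one.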

Source: https://therecord.media/botnet-credentials-microsoft-spraying-attack