Summary: A botnet controlled by a China-linked threat actor has been conducting extensive password spraying attacks on Microsoft 365 accounts, utilizing over 130,000 compromised devices. These attacks exploit non-interactive sign-ins with Basic Authentication, which often bypass Multi-Factor Authentication (MFA). As Microsoft works towards phasing out Basic Authentication, security experts warn of the immediate risks posed by these stealthy attacks.
Affected: Microsoft 365 accounts
Keypoints :
- Botnet powered by 130,000 compromised devices targeting Microsoft 365 accounts.
- Attacks leverage non-interactive sign-ins that do not trigger MFA, utilizing Basic Authentication vulnerabilities.
- Stealthy nature of the attacks makes them difficult to detect, as they appear in non-interactive sign-in logs.