Massive Password Spray Attack Targets Microsoft 365 Accounts

First seen 1 Jul 2026, 10:45 UTC | Sources: Huntress, Thehackernews, Feeds.4Sysops, Securityaffairs.Co, Cybersecuritynews, +1 | 83% similarity | 69.0

A significant automated password spray attack has targeted Microsoft 365 environments, generating over 81 million login attempts between June 12 and June 26, 2026. The attack, attributed to a threat actor using an IPv6 address range controlled by LSHIY LLC, successfully compromised 78 Microsoft accounts across 64 organizations. Attackers exploited the Azure command-line interface (CLI) using valid username and password combinations from previous breaches. Despite many organizations having multi-factor authentication (MFA) in place, misconfigurations in Conditional Access policies allowed the attackers to bypass MFA using the Resource Owner Password Credentials (ROPC) OAuth mechanism. Huntress, a cybersecurity firm, reported a 155-fold increase in password spray attacks over the past six months. The attack highlights vulnerabilities in existing security configurations, particularly regarding legacy authentication methods.

Key Points:
• Over 81 million login attempts were made against Microsoft 365 accounts in a two-week period.
• The attack exploited misconfigured Conditional Access policies, allowing bypass of MFA.
• 78 Microsoft accounts were compromised across 64 organizations during the campaign.
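
As an added example (not from the original article or from Huntress), the following detection logic groups ROPC sign-ins by source network and reports networks that tried many distinct accounts, along with any account that signed in successfully from them. It assumes sign-in records exported as JSON lines with the Microsoft Graph sign-in log fields userPrincipalName, ipAddress, authenticationProtocol and status.errorCode; the sample records, addresses and the min_users threshold are constructed for illustration.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample records (not real data). Field names are assumed to follow
# the Microsoft Graph sign-in log schema; addresses are documentation ranges.
SAMPLE_LOG = """
{"userPrincipalName":"alice@example.com","ipAddress":"2001:db8:5:1::a1","authenticationProtocol":"ropc","status":{"errorCode":50126}}
{"userPrincipalName":"bob@example.com","ipAddress":"2001:db8:5:1::b2","authenticationProtocol":"ropc","status":{"errorCode":50126}}
{"userPrincipalName":"carol@example.com","ipAddress":"2001:db8:5:1::c3","authenticationProtocol":"ropc","status":{"errorCode":0}}
{"userPrincipalName":"dave@example.com","ipAddress":"2001:db8:5:1::d4","authenticationProtocol":"ropc","status":{"errorCode":50126}}
{"userPrincipalName":"svc-backup@example.com","ipAddress":"198.51.100.7","authenticationProtocol":"ropc","status":{"errorCode":0}}
{"userPrincipalName":"erin@example.com","ipAddress":"2001:db8:5:1::e5","authenticationProtocol":"oAuth2","status":{"errorCode":0}}
"""

def source_prefix(ip):
    """Collapse an address to its /64 (IPv6) or /24 (IPv4) network."""
    addr = ipaddress.ip_address(ip)
    bits = 64 if addr.version == 6 else 24
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))

def find_ropc_spray(lines, min_users=3):
    """Return {prefix: {"users": [...], "succeeded": [...]}} for spray-like sources."""
    seen = defaultdict(lambda: {"users": set(), "succeeded": set()})
    for line in lines:
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("authenticationProtocol") != "ropc":
            continue  # only the ROPC flow the article describes
        bucket = seen[source_prefix(rec["ipAddress"])]
        user = rec["userPrincipalName"].lower()
        bucket["users"].add(user)
        if rec["status"]["errorCode"] == 0:  # 0 = sign-in succeeded
            bucket["succeeded"].add(user)
    # One network touching many distinct accounts is the spray signature;
    # a single service account using ROPC from one address is not reported.
    return {p: {k: sorted(v) for k, v in b.items()}
            for p, b in seen.items() if len(b["users"]) >= min_users}

if __name__ == "__main__":
    for prefix, hit in find_ropc_spray(SAMPLE_LOG.splitlines()).items():
        print(prefix, "users tried:", len(hit["users"]), "succeeded:", hit["succeeded"])
```

Accounts listed under "succeeded" for a reported network are the ones to prioritize for password reset, session revocation and review of the Conditional Access policies that apply to them.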

ThreatCluster AI

Timeline

2026-06-12 - Password spray attack begins
Automated attacks targeting Microsoft 365 accounts commenced, leading to millions of login attempts. (Source: Huntress)

2026-06-26 - Attack concludes
The campaign resulted in over 81 million login attempts and 78 compromised accounts. (Source: BleepingComputer)

Recent - Huntress reports surge in attacks
Huntress observed a 155-fold increase in password spray attacks over the last six months. (Source: Cybersecuritynews)
