Feeds.4Sysops
Massive Password Spray Attack Targets Microsoft 365 Accounts
Article Content
A significant automated password spray attack has targeted Microsoft 365 environments, generating over 81 million login attempts between June 12 and June 26, 2026. The attack, attributed to a threat actor using an IPv6 address range controlled by LSHIY LLC, successfully compromised 78 Microsoft accounts across 64 organizations. Attackers exploited the Azure command-line interface (CLI) using valid username and password combinations from previous breaches. Despite many organizations having multi-factor authentication (MFA) in place, misconfigurations in Conditional Access policies allowed the attackers to bypass MFA using the Resource Owner Password Credentials (ROPC) OAuth mechanism. Huntress, a cybersecurity firm, reported a 155-fold increase in password spray attacks over the past six months. The attack highlights vulnerabilities in existing security configurations, particularly regarding legacy authentication methods.
Key Points:
• Over 81 million login attempts were made against Microsoft 365 accounts in a two-week period.
• The attack exploited misconfigured Conditional Access policies, allowing bypass of MFA.
• 78 Microsoft accounts were compromised across 64 organizations during the campaign.
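The pattern described above (ROPC sign-ins through the Azure CLI client from one IPv6 range, some succeeding without MFA) can be hunted for in sign-in logs. The following is an added example, not code from the article or from Huntress: the record layout is an assumption modelled on flattened Entra ID sign-in fields, and all users and addresses are constructed (2001:db8::/32 is the IPv6 documentation prefix, not the range used in the campaign).

```python
import ipaddress
from collections import defaultdict

AZURE_CLI_APP_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"  # Azure CLI public client

def ev(user, ip, protocol, error_code, requirement, app=AZURE_CLI_APP_ID):
    """Build one flattened sign-in record (field names are assumptions)."""
    return {"userPrincipalName": user, "ipAddress": ip, "appId": app,
            "authenticationProtocol": protocol, "errorCode": error_code,
            "authenticationRequirement": requirement}

# Constructed sample data; error 50126 is "invalid username or password", 0 is success.
SAMPLE_EVENTS = [
    ev("ana@contoso.example", "2001:db8:aa:1::10", "ropc", 50126, "singleFactorAuthentication"),
    ev("bob@contoso.example", "2001:db8:aa:1::2f", "ropc", 50126, "singleFactorAuthentication"),
    ev("cy@fabrikam.example", "2001:db8:aa:1:9::1", "ropc", 50126, "singleFactorAuthentication"),
    ev("dee@fabrikam.example", "2001:db8:aa:1::beef", "ropc", 0, "singleFactorAuthentication"),
    ev("ops@contoso.example", "198.51.100.7", "deviceCode", 0, "multiFactorAuthentication"),
    ev("svc@contoso.example", "203.0.113.9", "ropc", 0, "singleFactorAuthentication"),
]

def source_key(ip, v6_prefix=64):
    """Collapse IPv6 sources to their /64 so per-address rotation does not hide a spray."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 6:
        return str(ipaddress.ip_network(f"{addr}/{v6_prefix}", strict=False))
    return str(addr)

def detect_ropc_spray(events, min_users=3):
    """Flag sources that try ROPC via Azure CLI against many distinct users."""
    by_source = defaultdict(list)
    for e in events:
        if e["authenticationProtocol"] == "ropc" and e["appId"] == AZURE_CLI_APP_ID:
            by_source[source_key(e["ipAddress"])].append(e)
    findings = []
    for source, hits in by_source.items():
        users = {h["userPrincipalName"] for h in hits}
        if len(users) < min_users:
            continue
        # Success (error 0) satisfied with one factor means MFA was never enforced.
        bypassed = sorted({h["userPrincipalName"] for h in hits if h["errorCode"] == 0
                           and h["authenticationRequirement"] == "singleFactorAuthentication"})
        findings.append({"source": source, "attempts": len(hits),
                         "users_targeted": len(users), "mfa_bypassed": bypassed})
    return findings

if __name__ == "__main__":
    for finding in detect_ropc_spray(SAMPLE_EVENTS):
        print(finding)
```

Any account listed under `mfa_bypassed` points to a Conditional Access gap for that sign-in path and should be treated as compromised until its credentials and sessions are reset.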