Ongoing Password Spray Attack Targets Microsoft Azure CLI with 81M Attempts

Ongoing Password Spray Attack Targets Microsoft Azure CLI with 81M Attempts

First seen 1 Jul 2026, 10:45 UTC HuntressThehackernewsFeeds.4Sysops 78% similarity 51.9
Share:

Article Content

Browse articles
ThreatCluster

A massive automated password spray attack has been launched against Microsoft Azure CLI users, originating from an IPv6 address range managed by LSHIY LLC. Between June 12 and June 26, over 81 million login attempts were recorded, resulting in at least 78 compromised Microsoft accounts across 64 organizations. Despite the high volume of attempts, the success rate remains low, with only a few accounts compromised daily. The attack exploits weaknesses in Conditional Access policies, which failed to prevent the techniques used by the attackers. Huntress has noted a 155-fold increase in credential spray attacks over the past six months, indicating a concerning trend in the cybersecurity landscape. The attack appears to utilize previously breached username/password combinations. Organizations are urged to review their security configurations to mitigate such threats.

Key Points: • Over 81 million login attempts were made against Microsoft Azure CLI users. • At least 78 Microsoft accounts were compromised across 64 organizations. • The attack exploits weaknesses in Conditional Access policies, highlighting security gaps.

ThreatCluster AI

Timeline

2026-06-12
Password spray attack begins
Automated attacks against Microsoft Azure CLI users commence, originating from LSHIY LLC's IPv6 range.
Huntress
2026-06-19
Spike in compromises observed
12 user accounts were compromised in a single day, marking a significant increase in attack effectiveness.
Huntress
2026-06-22
Significant surge in attacks
30 user accounts were compromised across 23 businesses, indicating a rapid escalation in the attack's impact.
Huntress
2026-06-26
Attack concludes with high volume
The campaign recorded over 81 million login attempts and at least 78 confirmed compromises by this date.
Huntress
2026-07-01
Media coverage highlights attack
Multiple cybersecurity outlets report on the ongoing password spray attack, emphasizing its scale and impact.
Feeds.4Sysops

Community

Browse all →