Microsoft

A large botnet, composed of over 130,000 devices and attributed to a Chinese-affiliated hacking group, has been targeting Microsoft 365 (M365) accounts through password spraying attacks. By abusing basic authentication with stolen credentials, the botnet bypassed multi-factor authentication (MFA). The breach has been ongoing since at least December 2024 and poses significant risks because it operates undetected by exploiting Non-Interactive Sign-In logs, which security teams usually overlook and which conceal the high-volume password spraying attempts. The attacks have had a widespread global impact across numerous M365 tenants, potentially compromising user account security and organizational data integrity.

Source: https://securityaffairs.com/174595/cyber-crime/large-botnet-targets-m365-password-spraying-attacks.html

TPRM report: https://scoringcyber.rankiteo.com/company/microsoft

"id": "mic000022525",
"linkid": "microsoft",
"type": "Cyber Attack",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'location': 'Global',
                        'name': 'Microsoft 365',
                        'type': 'Cloud Service'}],
 'attack_vector': 'Password Spraying',
 'date_detected': 'December 2024',
 'description': 'A large botnet, composed of over 130,000 devices and '
                'attributed to a Chinese-affiliated hacking group, has been '
                'targeting Microsoft 365 (M365) accounts through password '
                'spraying attacks. By exploiting the use of basic '
                'authentication, the botnet bypassed multi-factor '
                'authentication (MFA), leveraging stolen credentials. The '
                'breach has been ongoing since at least December 2024 and '
                'poses significant risks as it operates undetected by '
                'exploiting Non-Interactive Sign-In logs. Security teams '
                'usually overlook these logs, which conceal the high-volume '
                'password spraying attempts. These attacks have had widespread '
                'global impacts across numerous M365 tenants, leading to '
                'potential compromises in user account security and '
                'organizational data integrity.',
 'impact': {'systems_affected': 'Microsoft 365'},
 'initial_access_broker': {'entry_point': 'Basic Authentication'},
 'motivation': 'Data Theft',
 'threat_actor': 'Chinese-affiliated hacking group',
 'title': 'Botnet Targeting Microsoft 365 Accounts Through Password Spraying '
          'Attacks',
 'type': 'Password Spraying Attack',
 'vulnerability_exploited': 'Basic Authentication'}