Microsoft

A large botnet of over 130,000 devices, attributed to a Chinese-affiliated hacking group, has been targeting Microsoft 365 (M365) accounts with password spraying attacks. Using stolen credentials against basic authentication, the botnet bypassed multi-factor authentication (MFA). The breach has been ongoing since at least December 2024 and poses significant risks because it operates undetected by exploiting Non-Interactive Sign-In logs, which security teams usually overlook and which therefore conceal the high-volume password spraying attempts. The attacks have had widespread global impact across numerous M365 tenants, leading to potential compromises of user account security and organizational data integrity.

Source: https://securityaffairs.com/174595/cyber-crime/large-botnet-targets-m365-password-spraying-attacks.html

"id": "mic000022525",
"linkid": "microsoft",
"type": "Cyber Attack",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"