Microsoft

Microsoft detected Chinese threat actors employing the Quad7 botnet, also known as CovertNetwork-1658 or xlogin, in sophisticated password-spray attacks aimed at stealing credentials. These attacks targeted SOHO devices and VPN appliances, exploiting vulnerabilities to gain unauthorized access to Microsoft 365 accounts. The botnet, which includes compromised TP-Link routers, relayed brute-force attacks and enabled further network exploitation. Affected sectors include government, law, defense, and NGOs in North America and Europe. The attackers, identified as Storm-0940, utilized low-volume password sprays to evade detection and maintained persistence within victims' networks for potential data exfiltration.

Source: https://securityaffairs.com/170503/malware/quad7-botnet-used-by-chinese-threat-actors.html

"id": "mic001110524",
"linkid": "microsoft",
"type": "Cyber Attack",
"date": "11/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"