Microsoft detected Chinese threat actors employing the Quad7 botnet, also known as CovertNetwork-1658 or xlogin, in sophisticated password-spray attacks aimed at stealing credentials. These attacks targeted SOHO devices and VPN appliances, exploiting vulnerabilities to gain unauthorized access to Microsoft 365 accounts. The botnet, which includes compromised TP-Link routers, relayed brute-force attacks and enabled further network exploitation. Affected sectors include government, law, defense, and NGOs in North America and Europe. The attackers, identified as Storm-0940, utilized low-volume password sprays to evade detection and maintained persistence within victims' networks for potential datapoints exfiltration.
Source: https://securityaffairs.com/170503/malware/quad7-botnet-used-by-chinese-threat-actors.html
"id": "mic001110524",
"linkid": "microsoft",
"type": "Cyber Attack",
"date": "11/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"