Microsoft: Blog

Microsoft Warns of Large-Scale Credential Theft Campaign Targeting Global Organizations

Microsoft has issued a warning about an ongoing credential theft campaign impacting 35,000 users across 13,000 organizations in 26 countries. The attack, which remains active, appears to be a coordinated effort to harvest login credentials, potentially for further exploitation, including data breaches, lateral movement, or ransomware deployment.

While Microsoft has not disclosed specific attack vectors or threat actors, the scale of the campaign underscores the persistent risk of credential-based attacks, which remain a favored tactic for cybercriminals and state-sponsored groups. Organizations are advised to monitor for unusual authentication attempts, enforce multi-factor authentication (MFA), and review access logs for signs of compromise.

The incident highlights the critical need for robust identity and access management (IAM) controls, as well as continuous threat detection to mitigate the fallout from stolen credentials. Further details on the attack’s methodology and affected sectors are expected as investigations progress.

Source: https://www.kaseya.com/?post_type=post&p=28292

Microsoft TPRM report: https://www.rankiteo.com/company/microsoft-security

"id": "mic1779258738",
"linkid": "microsoft-security",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '35,000 users',
                        'location': '26 countries',
                        'size': '13,000 organizations',
                        'type': 'Organizations'}],
 'data_breach': {'number_of_records_exposed': '35,000',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Login credentials'},
 'description': 'Microsoft has issued a warning about an ongoing credential '
                'theft campaign impacting 35,000 users across 13,000 '
                'organizations in 26 countries. The attack appears to be a '
                'coordinated effort to harvest login credentials, potentially '
                'for further exploitation, including data breaches, lateral '
                'movement, or ransomware deployment.',
 'impact': {'data_compromised': 'Login credentials',
            'identity_theft_risk': 'High'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'The incident highlights the critical need for robust '
                    'identity and access management (IAM) controls, as well as '
                    'continuous threat detection to mitigate the fallout from '
                    'stolen credentials.',
 'recommendations': 'Enforce multi-factor authentication (MFA), monitor for '
                    'unusual authentication attempts, and review access logs '
                    'for signs of compromise.',
 'references': [{'source': 'Microsoft'}],
 'response': {'containment_measures': 'Monitor for unusual authentication '
                                      'attempts, enforce multi-factor '
                                      'authentication (MFA), review access '
                                      'logs for signs of compromise'},
 'title': 'Large-Scale Credential Theft Campaign Targeting Global '
          'Organizations',
 'type': 'Credential Theft'}