Botnet of 130,000 Devices Wreaks Havoc on Microsoft 365 Security: A Comedy of Errors
A botnet of over 130,000 devices is targeting Microsoft 365 accounts with password spraying attacks, exploiting basic authentication to bypass multi-factor authentication. Despite Microsoft’s efforts to phase out basic authentication, it remains a security risk, allowing cybercriminals to sneak past defenses like a ninja with a Wi-Fi password.

Hot Take:
Who would’ve thought that in 2025, the only thing scarier than a power-hungry AI is 130,000 devices working together to steal your Microsoft 365 credentials? It’s like a synchronized swimming team of hackers, doing backflips over your basic authentication defenses! Time to give basic authentication the boot and beef up those security snacks, folks!
Key Points:
- A botnet of over 130,000 devices is using password-spraying attacks against Microsoft 365 accounts.
- These attacks bypass multi-factor authentication by exploiting basic authentication vulnerabilities.
- The activity is recorded in Non-Interactive Sign-In logs, often overlooked by security teams.
- Attackers are using stolen credentials from infostealer logs to target accounts globally.
- The botnet is allegedly linked to a Chinese-affiliated group, using servers set to the Asia/Shanghai timezone.
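
For defenders, the key points above suggest a check on the non-interactive sign-in slice of the logs. The following is an added example, not code from the article or from Microsoft: it triages constructed sign-in records per account. The field layout, the client-app labels treated as basic authentication, and the threshold are assumptions to adapt to your own log export.

```python
from collections import defaultdict

# Assumed "clientAppUsed" labels that indicate basic (legacy) authentication.
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP",
                  "Exchange ActiveSync", "Other clients"}

# Constructed sample records: (user, ip, clientAppUsed, isInteractive, errorCode).
# errorCode 0 means success; non-zero means the sign-in failed.
SAMPLE = [
    ("alice@example.com", "198.51.100.10", "Authenticated SMTP", False, 50126),
    ("alice@example.com", "198.51.100.23", "IMAP4", False, 50126),
    ("alice@example.com", "203.0.113.7", "POP3", False, 50126),
    ("alice@example.com", "203.0.113.99", "IMAP4", False, 0),
    ("bob@example.com", "198.51.100.10", "Authenticated SMTP", False, 50126),
    ("bob@example.com", "192.0.2.44", "Browser", True, 50126),
    ("carol@example.com", "192.0.2.50", "Mobile Apps and Desktop clients", False, 0),
]

def summarize_basic_auth(records):
    """Per-account view of non-interactive sign-ins made with basic auth."""
    stats = defaultdict(lambda: {"fail_ips": set(), "success_ips": set()})
    for user, ip, client, interactive, error_code in records:
        if interactive or client not in LEGACY_CLIENTS:
            continue  # keep only the log slice the article says gets overlooked
        key = "success_ips" if error_code == 0 else "fail_ips"
        stats[user.lower()][key].add(ip)
    return dict(stats)

def triage(records, min_fail_ips=3):
    """Return (sprayed, review): accounts with failures from many distinct
    sources, and accounts where a basic-auth sign-in succeeded (the path
    the article says bypasses MFA)."""
    sprayed, review = [], []
    for user, s in sorted(summarize_basic_auth(records).items()):
        if len(s["fail_ips"]) >= min_fail_ips:
            sprayed.append(user)
        if s["success_ips"]:
            review.append(user)
    return sprayed, review

if __name__ == "__main__":
    sprayed, review = triage(SAMPLE)
    print("failures from many sources:", sprayed)
    print("basic-auth sign-in succeeded:", review)
```

Counting distinct sources per account rather than attempts per source matters here, because a botnet of this size can spread a spray so that each device makes only a few attempts.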