Botnet of 130,000 Devices Wreaks Havoc on Microsoft 365 Security: A Comedy of Errors

A botnet of over 130,000 devices is targeting Microsoft 365 accounts with password spraying attacks, exploiting basic authentication to bypass multi-factor authentication. Despite Microsoft’s efforts to phase out basic authentication, it remains a security risk, allowing cybercriminals to sneak past defenses like a ninja with a Wi-Fi password.

Hot Take:

Who would’ve thought that in 2025, the only thing scarier than a power-hungry AI is 130,000 devices working together to steal your Microsoft 365 credentials? It’s like a synchronized swimming team of hackers, doing backflips over your basic authentication defenses! Time to give basic authentication the boot and beef up those security snacks, folks!

Key Points:

  • A botnet of over 130,000 devices is using password-spraying attacks against Microsoft 365 accounts.
  • These attacks bypass multi-factor authentication by exploiting basic authentication vulnerabilities.
  • The activity is recorded in Non-Interactive Sign-In logs, often overlooked by security teams.
  • Attackers are using stolen credentials from infostealer logs to target accounts globally.
  • The botnet is allegedly linked to a Chinese-affiliated group, using servers set to the Asia/Shanghai timezone.
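A tenant-side check for the pattern in the key points above, as an added example that is not part of the original article: it reads non-interactive sign-in records, keeps only basic-authentication clients, and counts failures per hour across all source IPs, since a botnet this large spreads attempts too thinly for per-IP thresholds. The field names follow the Microsoft Graph `signIn` resource; the export shape, the `rec` and `summarize` helpers, the threshold and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

# Client names the sign-in log reports for basic (legacy) authentication.
LEGACY_CLIENTS = {"Authenticated SMTP", "IMAP4", "POP3",
                  "Exchange ActiveSync", "Other clients"}
BAD_PASSWORD = 50126  # Entra ID error code: invalid username or password
SUCCESS = 0

def rec(ts, user, ip, client, code, interactive=False):
    """Build one constructed record using the assumed export field names."""
    return {"createdDateTime": ts, "userPrincipalName": user, "ipAddress": ip,
            "clientAppUsed": client, "isInteractive": interactive,
            "status": {"errorCode": code}}

# Constructed sample data (documentation IP ranges, example.com accounts).
SAMPLE = [
    rec("2025-02-20T03:01:10Z", "alice@example.com", "192.0.2.10", "Authenticated SMTP", 50126),
    rec("2025-02-20T03:04:52Z", "bob@example.com", "198.51.100.7", "IMAP4", 50126),
    rec("2025-02-20T03:09:31Z", "carol@example.com", "203.0.113.44", "POP3", 50126),
    rec("2025-02-20T03:15:02Z", "dave@example.com", "192.0.2.99", "Authenticated SMTP", 0),
    rec("2025-02-20T03:20:00Z", "alice@example.com", "198.51.100.200", "Browser", 50126, True),
    rec("2025-02-20T09:30:00Z", "erin@example.com", "203.0.113.5", "Exchange ActiveSync", 50126),
]

def summarize(records, min_users=3):
    """Return (flagged_hours, successes) for non-interactive basic-auth sign-ins.

    flagged_hours maps an hour bucket to (distinct users failed, distinct IPs).
    successes lists (user, ip) pairs that authenticated over basic auth.
    """
    windows = defaultdict(lambda: {"users": set(), "ips": set()})
    successes = []
    for r in records:
        if r.get("isInteractive") or r.get("clientAppUsed") not in LEGACY_CLIENTS:
            continue  # interactive or modern-auth sign-in: out of scope here
        code = r.get("status", {}).get("errorCode")
        if code == SUCCESS:
            successes.append((r["userPrincipalName"], r["ipAddress"]))
        elif code == BAD_PASSWORD:
            hour = r["createdDateTime"][:13]  # e.g. "2025-02-20T03"
            windows[hour]["users"].add(r["userPrincipalName"].lower())
            windows[hour]["ips"].add(r["ipAddress"])
    flagged = {h: (len(w["users"]), len(w["ips"]))
               for h, w in windows.items() if len(w["users"]) >= min_users}
    return flagged, successes

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Any entry in the second result deserves review first: it is a successful sign-in over a protocol the article says bypasses multi-factor authentication.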
