
Password Spray Attack Targets Microsoft Azure CLI, Compromising 78 Accounts

Updated 1h ago: new reporting from BleepingComputer
Aggregated by BrevFeed security · updated 1h ago

An automated password spray attack on Microsoft's Azure CLI attempted over 81 million logins, affecting 78 accounts across 64 organizations. The attackers exploited a deprecated OAuth flow, bypassing security measures like Conditional Access policies and multi-factor authentication (MFA). This incident underscores vulnerabilities in prevalent security configurations within cloud environments.

Key points

Overview

A password spray attack targeted Microsoft's Azure CLI, generating over 81 million login attempts between June 12 and June 26. Cybersecurity firm Huntress reported that 78 accounts across 64 organizations were compromised in this automated campaign.

Method of Attack

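The attack was notable for its use of a deprecated OAuth flow, specifically the Resource Owner Password Credentials (ROPC) flow. In ROPC the client application submits the user's username and password directly to the token endpoint, with no interactive sign-in step. Abusing this flow allowed the attackers to bypass Conditional Access policies and multi-factor authentication (MFA) and gain unauthorized access.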

The attackers utilized still-valid username and password pairs from past breaches, allowing them to exploit security gaps in Microsoft 365 environments.

Impact and Implications

This incident brings to light significant weaknesses in security measures commonly employed by organizations, such as Conditional Access policies and MFA configurations that do not account for all potential attack vectors.

The activity originated from a specific IPv6 address range owned by internet provider LSHIY LLC, hinting at a coordinated effort to exploit known vulnerabilities in cloud security architectures.
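A defender can hunt for this pattern in sign-in logs by grouping ROPC sign-ins to the Azure CLI application by source network and counting the distinct accounts each network touched. The sketch below is an added example, not code from Huntress or the outlets. The record fields are assumptions modelled on Microsoft Entra sign-in logs, and the sample records and addresses are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample records. Field names are assumptions modelled on Entra
# sign-in logs; addresses use documentation ranges. errorCode 0 means success.
FIELDS = ("userPrincipalName", "ipAddress", "appDisplayName",
          "authenticationProtocol", "errorCode")
ROWS = [
    ("alice@contoso.example", "2001:db8:aa:1::10", "Microsoft Azure CLI", "ropc", 50126),
    ("bob@contoso.example", "2001:db8:aa:1::11", "Microsoft Azure CLI", "ropc", 50126),
    ("carol@fabrikam.example", "2001:db8:aa:1::12", "Microsoft Azure CLI", "ropc", 0),
    ("dave@fabrikam.example", "2001:db8:aa:1::13", "Microsoft Azure CLI", "ropc", 50126),
    ("erin@contoso.example", "198.51.100.7", "Microsoft Azure CLI", "none", 0),
    ("frank@contoso.example", "2001:db8:bb:2::5", "Microsoft Azure CLI", "ropc", 0),
]
SAMPLE_SIGNINS = [dict(zip(FIELDS, row)) for row in ROWS]


def source_prefix(ip):
    """Collapse an address to its /64 (IPv6) or /24 (IPv4) network."""
    bits = 64 if ipaddress.ip_address(ip).version == 6 else 24
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False))


def find_ropc_spray(signins, app="Microsoft Azure CLI", min_users=3):
    """Flag source networks whose ROPC sign-ins to `app` hit many accounts.

    Returns {prefix: {"users", "failures", "compromised"}}; "compromised"
    lists accounts with a successful ROPC sign-in from a flagged network.
    """
    users, successes = defaultdict(set), defaultdict(set)
    failures = defaultdict(int)
    for s in signins:
        if s["authenticationProtocol"] != "ropc" or s["appDisplayName"] != app:
            continue  # interactive or other-app sign-ins are out of scope
        prefix = source_prefix(s["ipAddress"])
        users[prefix].add(s["userPrincipalName"])
        if s["errorCode"] == 0:
            successes[prefix].add(s["userPrincipalName"])
        else:
            failures[prefix] += 1
    return {p: {"users": len(u), "failures": failures[p],
                "compromised": sorted(successes[p])}
            for p, u in users.items() if len(u) >= min_users}


if __name__ == "__main__":
    for prefix, hit in find_ropc_spray(SAMPLE_SIGNINS).items():
        print(prefix, hit)
```

Accounts listed under `compromised` are the ones to prioritise for password reset and session revocation. The `min_users` threshold is a tuning assumption that should be set against the organization's legitimate ROPC usage.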

Takeaways

The disclosure of this attack highlights the importance of updating and securing authentication methods and policy configurations. It serves as a wake-up call for organizations using Azure and Microsoft 365, emphasizing the need to review and bolster their security infrastructure to protect against similar threats.

The campaign further stresses the urgent need for discontinuing the use of deprecated protocols and enhancing MFA coverage across various authentication flows.

This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.

How outlets covered it

A password-spraying campaign aimed at Microsoft 365 generated over 81 million login attempts in two weeks, exploiting exposed credentials and bypassing multi-factor authentication (MFA). The incident highlights significant weaknesses in Conditional Access policies that allowed the attacks to succeed.

A password spray attack on Microsoft's Azure CLI has made over 81 million login attempts, compromising 78 accounts across 64 organizations. The attack utilizes a deprecated OAuth flow to bypass security policies, raising concerns over account protection measures.