An automated password spray attack on Microsoft's Azure CLI attempted over 81 million logins, affecting 78 accounts across 64 organizations. The attackers exploited a deprecated OAuth flow, bypassing security measures like Conditional Access policies and multi-factor authentication (MFA). This incident underscores vulnerabilities in prevalent security configurations within cloud environments.
A password spray attack targeted Microsoft's Azure CLI, resulting in over 81 million login attempts between June 12 and June 26. Cybersecurity firm Huntress reported that 78 accounts across 64 organizations were compromised in this automated campaign.
The attack was notable for its use of a deprecated OAuth flow, the Resource Owner Password Credentials (ROPC) flow. Because ROPC submits the username and password directly to the token endpoint, attackers using it were able to bypass Conditional Access policies and multi-factor authentication (MFA), gaining unauthorized access.
The attackers utilized still-valid username and password pairs from past breaches, allowing them to exploit security gaps in Microsoft 365 environments.
This incident brings to light significant weaknesses in security measures commonly employed by organizations, such as Conditional Access policies and MFA configurations that do not account for all potential attack vectors.
The activity originated from a specific IPv6 address range owned by internet provider LSHIY LLC, hinting at a coordinated effort to exploit known vulnerabilities in cloud security architectures.
The disclosure of this attack highlights the importance of updating and securing authentication methods and policy configurations. It serves as a wake-up call for organizations using Azure and Microsoft 365, emphasizing the need to review and bolster their security infrastructure to protect against similar threats.
The campaign further stresses the urgent need for discontinuing the use of deprecated protocols and enhancing MFA coverage across various authentication flows.
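As an added illustration (not code from Huntress, Microsoft or the outlets), the following sketch shows one way a defender could hunt for this pattern in exported sign-in logs: ROPC sign-ins to the Azure CLI application, grouped by source IPv6 prefix. It assumes flattened records using Microsoft Graph sign-in property names, the Azure CLI first-party application ID, a /64 grouping and a three-user threshold chosen for the example; the events are constructed and use documentation address ranges.

```python
import ipaddress
from collections import defaultdict

# Application ID of the first-party "Microsoft Azure CLI" client.
AZURE_CLI_APP_ID = "04b07795-8ddb-461a-bbee-02f9e1bf7b46"

def find_ropc_spray(events, prefix_len=64, min_users=3):
    """Flag source networks that try ROPC against many accounts.

    prefix_len and min_users are assumed tuning values, not figures
    from the reporting. errorCode 0 means the sign-in succeeded.
    """
    nets = defaultdict(lambda: {"users": set(), "failed": 0, "ok": set()})
    for e in events:
        if e["appId"] != AZURE_CLI_APP_ID or e["authenticationProtocol"] != "ropc":
            continue  # only the deprecated flow against Azure CLI is of interest
        ip = ipaddress.ip_address(e["ipAddress"])
        plen = prefix_len if ip.version == 6 else 32
        net = str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))
        nets[net]["users"].add(e["userPrincipalName"])
        if e["errorCode"] == 0:
            nets[net]["ok"].add(e["userPrincipalName"])
        else:
            nets[net]["failed"] += 1
    return [
        {"network": net, "distinct_users": len(b["users"]),
         "failed": b["failed"], "succeeded": sorted(b["ok"])}
        for net, b in sorted(nets.items()) if len(b["users"]) >= min_users
    ]

def _ev(user, ip, proto, code):
    return {"userPrincipalName": user, "ipAddress": ip, "appId": AZURE_CLI_APP_ID,
            "authenticationProtocol": proto, "errorCode": code}

# Constructed sample events (50126 = invalid username or password).
SAMPLE_EVENTS = [
    _ev("alice@example.com", "2001:db8:1:1::10", "ropc", 50126),
    _ev("bob@example.com", "2001:db8:1:1::11", "ropc", 50126),
    _ev("carol@example.com", "2001:db8:1:1::12", "ropc", 0),
    _ev("dave@example.com", "2001:db8:1:1:ffff::1", "ropc", 50126),
    _ev("svc-deploy@example.com", "198.51.100.7", "ropc", 0),   # lone script, not a spray
    _ev("erin@example.com", "2001:db8:1:1::13", "oAuth2", 0),   # interactive flow, ignored
]

if __name__ == "__main__":
    for finding in find_ropc_spray(SAMPLE_EVENTS):
        print(finding)
```

Any account listed under `succeeded` for a flagged network authenticated with a password alone and should be treated as compromised until its credentials are reset and sessions revoked.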
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.
A password-spraying campaign aimed at Microsoft 365 generated over 81 million login attempts in two weeks, exploiting exposed credentials and bypassing multi-factor authentication (MFA). The incident highlights significant weaknesses in Conditional Access policies that allowed the attacks to succeed.
A password spray attack on Microsoft's Azure CLI has made over 81 million login attempts, compromising 78 accounts across 64 organizations. The attack utilizes a deprecated OAuth flow to bypass security policies, raising concerns over account protection measures.