Microsoft 365 accounts around the world have been subjected to far-reaching password spraying intrusions conducted by a massive botnet of over 130,000 hacked devices that bypass multi-factor authentication, reports SC Media.

Because the intrusions are recorded in non-interactive sign-in logs, attackers could covertly hijack accounts, achieve lateral movement, and disrupt operations using stolen credentials in the dark web, according to an analysis from SecurityScorecard.

Black Duck senior security engineer Boris Cipot regarded the techniques employed by the botnet as a breakthrough that exploits authentication monitoring blind spots. The newly found stealth that the botnet tactic enables, even in secured environments, should prompt organizations to implement more robust defenses, according to Keeper Security co-founder and CEO Darren Guccione.

"Robust cybersecurity isn't just about having MFA — it's about securing every authentication pathway," said Guccione. "With Microsoft phasing out basic authentication in 2025, organizations must act now to close these gaps before attackers scale their operations even further."
Massive Botnet Facilitates Microsoft 365 Password Spray Attacks
