logo

Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts

ID: bf762e66-132e-5da4-b4ce-d563127a2ace

STIX ID: report--bf762e66-132e-5da4-b4ce-d563127a2ace

Feed Name: The Hacker News

Threat Score
72/100

Date Published: 2026-07-01

Date Updated: 2026-07-01

Author: [email protected] (The Hacker News)

...
...

Cybersecurity researchers observed a massive automated password-spray campaign (June 12–26, 2026) originating largely from an IPv6 range owned by LSHIY LLC that performed over 81 million login attempts and successfully compromised 78 Microsoft accounts across 64 organizations by abusing the legacy ROPC OAuth flow to circumvent Conditional Access and misconfigured MFA. Organizations are advised to require MFA for all users/apps/client types, restrict Azure CLI for non-admins, and prioritize credential validity and CAP configuration to mitigate this vector.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.