Azure CLI Password Spray Hits at Least 78 Microsoft Accounts in 81M+ Attempts
Summary
Researchers have detected a large-scale, automated password spray attack targeting Microsoft's Azure CLI, with at least 78 Microsoft accounts compromised out of over 81 million attempts. The attack, originating from an IPv6 address range managed by LSHIY LLC, occurred between June 12 and June 26.
IFF Assessment
This article details a successful credential stuffing attack that compromises user accounts, directly impacting defenders by highlighting an active threat vector.
Defender Context
This incident highlights the effectiveness of large-scale password spray attacks against cloud services like Azure CLI, emphasizing the need for robust credential hygiene and multi-factor authentication. Defenders should monitor for anomalous login attempts and investigate IP ranges associated with known malicious activity.