securityaffairs.com 7/1/2026, 2:11:13 PM · external

Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs

Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs
Developing story campaign 3 articles tracked
Massive password spray campaign targets Azure CLI
CyberSIXT Evidence Panel
Primary Source huntress.com

A password spray attack against Microsoft Azure CLI environments has been detected, targeting 64 organizations with over 81 million login attempts and resulting in 78 compromised accounts within just two weeks. The attackers utilized common password combinations through an OAuth method that bypasses multi-factor authentication (MFA), taking advantage of inadequate MFA configurations. Of the impacted businesses, many had MFA in place but it did not trigger due to specific limitations.

This campaign reflects a significant increase in credential spray attempts, emphasizing the need for comprehensive conditional access policies and stricter controls on OAuth flows to enhance security measures.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline