www.securityweek.com 7/1/2026, 8:11:26 AM · external

Huntress flags massive Microsoft 365 password spray via Azure CLI

Huntress flags massive Microsoft 365 password spray via Azure CLI
Developing story campaign 2 articles tracked
Massive password spray campaign targets Microsoft Azure CLI
CyberSIXT Evidence Panel
Primary Source huntress.com

A recent cybersecurity report by Huntress reveals a substantial password spray attack targeting Microsoft 365 environments via Azure CLI. Over a two-week period, there were 81 million login attempts, compromising 78 user accounts across 64 organizations. Most attacks originated from an autonomous system related to LSHIY LLC. Critical weaknesses in multi-factor authentication (MFA) configurations were noted, as several affected businesses either had poor MFA policies or none at all.

The attackers exploited the deprecated OAuth ROPC authentication flow, allowing them to bypass MFA prompts. Huntress has reported the issue to LSHIY without receiving a response.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline