A recent cybersecurity report by Huntress describes a substantial password spray attack targeting Microsoft 365 environments via Azure CLI. Over a two-week period, the attackers made 81 million login attempts and compromised 78 user accounts across 64 organizations. Most attacks originated from an autonomous system related to LSHIY LLC. The report also noted critical weaknesses in multi-factor authentication (MFA) configurations: several affected businesses either had poor MFA policies or none at all.
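The attackers exploited the deprecated OAuth Resource Owner Password Credentials (ROPC) authentication flow, which allowed them to bypass MFA prompts: in ROPC the client application submits the username and password directly to the token endpoint, so there is no interactive sign-in step in which an MFA prompt could be shown. Huntress has reported the issue to LSHIY but has not received a response.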
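A defender can hunt for this pattern in sign-in logs by grouping ROPC sign-ins to Azure CLI by source autonomous system. The following is an added example, not code from Huntress or Microsoft; the record layout, field names, the application display name and the sample data are assumptions modelled on Entra ID sign-in log exports, so adjust them to your own export.

```python
from collections import defaultdict

def _rec(user, proto, asn, code, app="Microsoft Azure CLI"):
    # Helper for building constructed sample records (hypothetical layout).
    return {"userPrincipalName": user, "appDisplayName": app,
            "authenticationProtocol": proto,
            "autonomousSystemNumber": asn, "errorCode": code}

# Constructed sample data, not taken from the report. ASNs 64500-64502 are
# documentation-range numbers; error code 0 = success, 50126 = bad credentials.
SAMPLE_SIGNINS = [
    _rec("alice@example.com", "ropc", 64500, 50126),
    _rec("bob@example.com",   "ropc", 64500, 50126),
    _rec("carol@example.com", "ropc", 64500, 50126),
    _rec("dave@example.com",  "ropc", 64500, 50126),
    _rec("carol@example.com", "ropc", 64500, 0),      # spray hit a valid password
    _rec("erin@example.com",  "ropc", 64502, 50126),  # lone failure, below threshold
    _rec("frank@example.com", "oAuth2", 64501, 0),    # interactive flow, ignored
]

def find_ropc_spray(signins, app="Microsoft Azure CLI", min_users=3):
    """Report source ASNs whose ROPC sign-ins to `app` failed against at least
    `min_users` distinct accounts, with any accounts that also succeeded."""
    failed = defaultdict(set)
    succeeded = defaultdict(set)
    for rec in signins:
        if rec.get("authenticationProtocol") != "ropc":
            continue  # only the non-interactive password flow is of interest
        if rec.get("appDisplayName") != app:
            continue
        asn = rec.get("autonomousSystemNumber")
        user = rec.get("userPrincipalName", "").lower()
        bucket = succeeded if rec.get("errorCode") == 0 else failed
        bucket[asn].add(user)
    findings = {}
    for asn, users in failed.items():
        if len(users) >= min_users:  # many accounts from one network = spray
            findings[asn] = {
                "targeted": sorted(users | succeeded[asn]),
                "succeeded": sorted(succeeded[asn]),  # review for compromise
            }
    return findings

if __name__ == "__main__":
    for asn, hit in find_ropc_spray(SAMPLE_SIGNINS).items():
        print(f"AS{asn}: {len(hit['targeted'])} accounts targeted, "
              f"successful ROPC sign-ins: {hit['succeeded']}")
```

Accounts listed under "succeeded" authenticated with a password alone, so they are the ones to prioritise for credential reset and for review of why MFA was not enforced.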