Newsinterpretation

Massive Cyber Threat: Microsoft 365 Hackers Exploit Weak Security

A new cyberattack campaign is putting thousands of Microsoft 365 users at risk by targeting accounts that lack two-factor authentication (2FA). Hackers are using a method called “password spray and pray,” where they try common passwords across many accounts, hoping for a match.

Security researchers have discovered that a botnet of at least 130,000 infected devices is being used in this attack. The group behind it is believed to be linked to a Chinese-affiliated organization. These cybercriminals are taking advantage of a loophole in Microsoft’s security—Basic Authentication. This older login method is outdated, yet some organizations still use it, making them easy targets.

Unlike modern authentication systems, Basic Authentication doesn’t require extra security checks, like a second password or a verification code sent to your phone. This means hackers can try logging into multiple accounts without triggering security alerts. The attack is widespread, affecting Microsoft 365 users worldwide.

How Hackers Are Avoiding Detection

One of the biggest concerns about this attack is how well it evades security monitoring. The hackers are using non-interactive sign-ins, a method commonly used for automated logins between services. Because these logins don’t require human interaction, they often bypass 2FA protections.

In many organizations, security teams focus on tracking interactive logins—those where a person physically enters a username and password. But non-interactive logins often don’t receive the same level of attention. This creates a blind spot that hackers are now exploiting.

Additionally, the passwords being used in these attacks often come from massive stolen credential databases available on the Dark Web. Hackers collect leaked usernames and passwords from previous data breaches and try them on Microsoft 365 accounts. To avoid being blocked, they carefully limit the number of login attempts, so they don’t trigger lockout policies.

While Microsoft is phasing out Basic Authentication, it will still be partially active until September 2025. This means that many organizations remain vulnerable to these attacks. Security experts warn that despite Microsoft’s ongoing efforts to retire this outdated system, the threat is immediate and serious.

What Companies Must Do to Protect Microsoft 365 Accounts

Security researchers are urging organizations to take immediate action to protect themselves from this attack. The first and most important step is to disable Basic Authentication. Microsoft has been pushing for its removal, but many companies still have it enabled, leaving them exposed.

Another crucial step is to monitor non-interactive sign-in logs. Since hackers are using this method to bypass security checks, companies must actively track these logs for any suspicious activity.
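As an added illustration (not code from the researchers or from Microsoft), the sketch below shows why a per-account failure threshold misses this kind of low-and-slow spray, while a tenant-wide count over non-interactive sign-ins from legacy clients catches it. The record fields, the legacy client labels and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed labels for legacy (Basic Authentication) clients in this constructed data set.
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP"}

def row(t, user, ip, client, interactive=False, success=False):
    return {"time": t, "user": user, "ip": ip, "client": client,
            "interactive": interactive, "success": success}

def make_sample():
    """Constructed sign-in records (not real logs); field names are simplified assumptions."""
    base = datetime(2025, 1, 1, 9, 0)
    # Spray: 12 accounts, one failure each, every attempt from a different address.
    rows = [row(base + timedelta(minutes=2 * i), f"user{i:02d}@example.test",
                f"203.0.113.{i + 1}", "Authenticated SMTP") for i in range(12)]
    # Misconfigured service account: one account failing repeatedly from one address.
    rows += [row(base + timedelta(hours=3, minutes=i), "svc-backup@example.test",
                 "198.51.100.7", "IMAP4") for i in range(8)]
    # Interactive typo by a person; outside the non-interactive blind spot.
    rows.append(row(base + timedelta(minutes=5), "user03@example.test",
                    "192.0.2.10", "Browser", interactive=True))
    return rows

def lockout_candidates(rows, threshold=5):
    """Per-account view: accounts whose failure count would reach a lockout threshold."""
    fails = Counter(r["user"] for r in rows if not r["success"])
    return sorted(u for u, n in fails.items() if n >= threshold)

def find_spray_windows(rows, window=timedelta(hours=1), min_accounts=10, max_per_account=2):
    """Tenant-wide view: windows where many accounts each fail only a few times
    on non-interactive sign-ins from legacy clients."""
    buckets = defaultdict(lambda: defaultdict(list))
    for r in rows:
        if r["interactive"] or r["success"] or r["client"] not in LEGACY_CLIENTS:
            continue
        start = r["time"] - (r["time"] - datetime.min) % window  # floor to window start
        buckets[start][r["user"]].append(r["ip"])
    alerts = []
    for start, users in sorted(buckets.items()):
        quiet = {u: ips for u, ips in users.items() if len(ips) <= max_per_account}
        if len(quiet) >= min_accounts:
            ips = {ip for v in quiet.values() for ip in v}
            alerts.append({"window_start": start, "accounts": len(quiet), "source_ips": len(ips)})
    return alerts

if __name__ == "__main__":
    sample = make_sample()
    print(lockout_candidates(sample), find_spray_windows(sample))
```

On the constructed data, the per-account view surfaces only the noisy service account, while the tenant-wide view flags the one-hour window in which twelve accounts each failed once from twelve different addresses.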

Experts also recommend using strong access policies based on location and device security. This means restricting logins from unknown locations or requiring extra security steps if a login attempt comes from an unfamiliar device.

Finally, enabling multi-factor authentication (MFA) or certificate-based authentication is one of the most effective ways to block these attacks. MFA requires users to verify their identity with a second factor, like a phone code or fingerprint scan. Even if hackers steal a password, they still won’t be able to access the account without this extra verification.

With hackers launching large-scale attacks against Microsoft 365 users, it’s critical for businesses to act now. By disabling outdated login methods and enforcing stronger security measures, organizations can prevent cybercriminals from gaining unauthorized access to their accounts.
