See the Complete Picture.
Get Started
SubscribeLogin
Israel-Hamas Conflict
Airstrike
World Cup
Military
Social Media
South America
Immigration
Donald Trump
Stock Markets
Education
Drones
Artificial Intelligence
Soccer
Published loading...Updated

Over 80,000 Microsoft Entra ID Accounts Hit by Password Spraying Attacks

  • Proofpoint uncovered a large-scale account takeover campaign, UNK_SneakyStrike, targeting over 80,000 Microsoft Entra ID user accounts globally since late 2024.
  • The campaign began in December 2024 and leverages the open-source penetration testing tool TeamFiltration to conduct user enumeration and password spraying attacks.
  • Attackers abused AWS servers and a disposable Office 365 account to target roughly 100 cloud tenants and access Microsoft Teams, OneDrive, and Outlook data.
  • On January 8, 16,500 accounts were targeted in a single day, with attackers successfully hijacking several accounts and accessing sensitive productivity information.
  • This campaign illustrates the growing misuse of legitimate security tools in cyberattacks, prompting recommendations for multi-factor authentication, OAuth 2.0 enforcement, and blocking known malicious IPs.
Insights by Ground AI
Does this summary seem wrong?

22 Articles

All
Left
Center
2
Right
Tech RadarTech Radar
Center

Over 80,000 Microsoft Entra ID accounts hit by password spraying attacks

Half a dozen flaws across different products were addressed despite not being abused in the wild.

·United Kingdom
Read Full Article
BleepingComputerBleepingComputer
Center

Password-spraying attacks target 80,000 Microsoft Entra ID accounts

Hackers have been using the TeamFiltration pentesting framework to target more than 80,000 Microsoft Entra ID accounts at hundreds of organizations worldwide.

Read Full Article
Techzine EuropeTechzine Europe

Pentesting tool exploited in large-scale attacks

TeamFiltration exploited by attackers for large-scale Office 365 attacks. More than 80,000 accounts targeted in UNK_SneakyStrike campaign.

Read Full Article
unsafe.shunsafe.sh

Hackers Used TeamFiltration Open Source Tool to Attack More than 80,000 Microsoft Entra ID Accounts

This article describes the causes and solutions for error code 521. This error is usually caused by Cloudflare and indicates that the server cannot connect to the origin server. Common causes include network connection problems, server misconfiguration, or improper DNS settings. Solutions include checking network configuration, contacting the hosting provider, or adjusting Cloudflare settings to restore access.

Read Full Article
HubSite 365HubSite 365

Entra ID: Stop Lateral Attacks with Advanced Identity Security

Entra ID, identity management, cybersecurity, MFA, Microsoft 365 Defender, Azure AD - protect against lateral attacks. Lateral attacks happen when attackers move inside a network after getting access, often aiming for sensitive data or systems. Entra ID is a tool from Microsoft that helps manage user identities and control who can access resources. Identity management ensures only the right people have access to important company information an…

Read Full Article
AdluminAdlumin

Unravelling Cyber Defense Model Secrets: Password Spray Detections

Discover how to detect and respond to password spray attacks in Microsoft 365. Learn about Adlumin's latest detection logic, response strategies, and how to strengthen your defense against stealthy brute-force threats. The post Unravelling Cyber Defense Model Secrets: Password Spray Detections appeared first on Adlumin Cybersecurity.

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

The Hacker News broke the news in on Thursday, June 12, 2025.
Sources are mostly out of (0)

Similar News Topics

Microsoft

Microsoft

Hacking

Hacking

News
For You
SearchBlindspotLocal