Microsoft Users Under Attack From Password Spraying Hackers

As Microsoft users continue to be warned about hackers targeting everything from Windows Secure Boot vulnerabilities to Outlook emails and Windows Server zero-days, the last thing you probably want to hear is yet another warning regarding an ongoing cyberattack against Microsoft accounts. Yet here we are, and you need to take this one very seriously indeed, as thousands of Entra ID accounts are being bombarded with a password spraying attack from a group known as SneakyStrike. With billions of compromised passwords to use as ammunition by automatic hacking machines, the time to sit up and take notice is right now.

Microsoft Entra ID Accounts Under Fire From Password Spraying Hackers

Let’s get serious here: one of the worst types of cybersecurity warning you can get is concerning what is known within the industry as an ATO. Let me spell that out for you: Active. Account. Takeover.

And that, I’m sorry to say, is what we have here. Threat researchers working at Proofpoint have confirmed just such an ATO, targeting Microsoft Entra ID accounts and having success in compromising victim organizations.

Attributed to an attack group called SneakyStrike, also known as SneakyChef which has a history of government-level espionage campaigns, the researchers said that the ongoing Microsoft cyberattack has already “affected over 80,000 targeted user accounts across hundreds of organizations, resulting in several cases of successful account takeover.”

How The Attack Works

The attackers are using a penetration testing platform to strike, leveraging both Microsoft Teams and Amazon Web Services servers across multiple geographical locations. What they have in common is that all the attacks involve user enumeration and password spraying at scale. This, the research report said, has led to SneakyStrike actors exploiting access to applications, including Microsoft Teams, OneDrive, and Outlook.

Act Now To Mitigate The SneakyStrike Microsoft Password Attacks

This ongoing attack leaves hundreds of organisations vulnerable, Eric Woodruff, chief identity architect at Semperis, warned. “In response to this threat and cloud services attacks,” Woodruff told me, “organizations need to adopt a multi-layered, identity-first security approach, and mitigation efforts should centre around reducing their attack surface, increasing visibility, and enforcing strong access controls.”

Remember that such password spraying attacks rely upon the accounts being targeted for compromise not having adequate login protection. Specifically, using common passwords or those that are created using a systematic variation within an organization. Both of these password types should be replaced with strong passwords that are not reused or found within commonly available stolen password databases. Do not act now, and you could be the latest Microsoft victim of SneakyStrike. You have been warned.

Conclusion

The SneakyStrike password spraying attack on Microsoft Entra ID accounts is a serious threat that requires immediate attention. With thousands of accounts already compromised, it is essential for organizations to take proactive measures to mitigate the attack. By adopting a multi-layered security approach, reducing the attack surface, and enforcing strong access controls, organizations can protect themselves from this ongoing cyberattack.

Frequently Asked Questions

What is a password spraying attack?

A password spraying attack is a type of cyberattack where hackers use automated tools to try a large number of passwords on a targeted account or system.

What is SneakyStrike?

SneakyStrike is an attack group, also known as SneakyChef, that has a history of government-level espionage campaigns and is responsible for the ongoing password spraying attack on Microsoft Entra ID accounts.

How can I protect myself from password spraying attacks?

To protect yourself from password spraying attacks, use strong and unique passwords, avoid reusing passwords, and enable multi-factor authentication whenever possible.