:

HACKERS LAUNCH 81M LOGIN ATTACKS ON MICROSOFT 365

SECURITY DESK2 MIN READ
WED, JUL 1, 2026

■ AI-SUMMARIZED FROM 5 SOURCES ▸ TIMELINE

Attackers conducted a large-scale password-spraying campaign against Microsoft 365 accounts, generating over 81 million login attempts within two weeks. The credential stuffing effort targeted multiple organizations in a bid to gain unauthorized access.

Security researchers detected an aggressive password-spraying operation focused on Microsoft 365 environments during a two-week window. The campaign generated more than 81 million login attempts as attackers systematically tested common passwords against user accounts across different organizations. Password spraying differs from traditional brute-force attacks. Instead of repeatedly targeting a single account, attackers try weak or commonly used passwords against many accounts simultaneously. This approach bypasses account lockout mechanisms that trigger after multiple failed attempts on one user. The campaign reflects ongoing threats to cloud-based productivity platforms. Microsoft 365—which includes Outlook, Teams, and SharePoint—remains a prime target for attackers seeking initial access to corporate networks. Compromised credentials provide footholds for data theft, ransomware deployment, and lateral movement within organizations. Security teams identified the attack through abnormal authentication patterns and IP address behavior. The breadth of the campaign suggests attackers used multiple IP addresses and distributed infrastructure to distribute login attempts across their infrastructure. Microsoft has not disclosed whether any accounts were successfully compromised through this specific campaign. However, the scale of attempts indicates attackers achieved some level of access or credential harvesting. Organizations are advised to implement multi-factor authentication (MFA) across all Microsoft 365 accounts. MFA blocks attackers even when they obtain valid credentials. Additional measures include monitoring for unusual sign-in locations, enforcing strong password policies, and reviewing conditional access rules. The incident adds to a pattern of large-scale credential attacks targeting cloud services. Previous campaigns have targeted similar platforms at comparable scales, highlighting the persistent value attackers assign to compromised cloud credentials.

■ MORE FROM THE SECURITY DESK

The European Union has sanctioned members of Russia's Federal Security Service (FSB) for cyber espionage and sabotage campaigns targeting EU and Ukrainian entities since 2010. The move, coordinated with the UK, targets dozens of individuals and organizations involved in systematic hacking operations.

JUST NOWAI Desk

Cybersecurity agencies from the United States and eight allied nations have issued a joint warning about Russian state-sponsored hackers targeting vulnerable routers to breach critical infrastructure networks.

JUST NOWIndustry Desk

A new browser fingerprinting vector has emerged in Chromium 148, where the Math.tanh function produces different results across operating systems. This discrepancy can be exploited to identify a user's underlying OS without explicit permission.

13H AGOIndustry Desk

Kaseya is hosting a webinar on strengthening MSP resilience through SaaS backups and business continuity strategies. The session focuses on how recovery capabilities prove critical when security defenses are breached.

19H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.