Botnet of 130,000 devices targets Microsoft 365 via password-spray attacks on Basic Authentication, evading multi-factor authentication. Attackers use stolen credentials to exploit Basic Auth, which transmits credentials in plaintext and bypasses MFA. Security experts recommend disabling Basic Auth and strengthening access controls to mitigate risks. Possible links to Chinese threat actors have been identified.
Botnet Targets Basic Auth in Microsoft 365 Password Spray Attacks
