Summary: More than 81 million login attempts against Microsoft 365 accounts were registered over two weeks; password spraying remains an effective attack method against insufficiently protected environments.
In a large-scale password spray campaign, more than 81 million login attempts against Microsoft 365 environments were registered over two weeks. This indicates a systematic infiltration strategy that exploits weak or commonly used passwords.
The campaign targets Microsoft 365 accounts and uses password spraying to gain access. This technique tries a small number of common or simple passwords against many accounts rather than bombarding individual accounts with many password variants. The volume of more than 81 million attempts in just 14 days underscores how well such attacks scale through automation.
For Chief Information Security Officers, this is a critical signal: Microsoft 365 remains a preferred target because access to email, OneDrive, and Teams opens up significant lateral movement opportunities. A successful compromise can lead to data theft, ransomware deployment, or persistence mechanisms. The high volume of attacks suggests that a significant portion of these attempts were successful.
Defensive measures should include enforcing multi-factor authentication (MFA) consistently for all users, using intelligent sign-in alerts, and continuously monitoring for suspicious login patterns. Conditional Access policies can block suspicious geographic locations or browsers. At the same time, password policies should be reviewed to identify weak or standardized passwords and force users to change them.
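The login-pattern monitoring recommended above, as an added example that is not part of the original article: a per-source check over constructed sign-in records that separates spraying (many accounts, few attempts each) from brute force against a single account, then lists successful logins from flagged sources. The record layout, thresholds and function names are assumptions. Grouping by source address alone is a simplification, since attempts can be spread across many addresses.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2026, 1, 1, 9, 0)  # arbitrary constructed start time
# Constructed sample records (not real log data): (timestamp, source_ip, account, success)
SAMPLE = (
    # spray pattern: one failure per account across eight accounts, then one success
    [(T0 + timedelta(minutes=i), "203.0.113.10", f"user{i}", False) for i in range(8)]
    + [(T0 + timedelta(minutes=9), "203.0.113.10", "user5", True)]
    # brute force against one account: many failures, a single target
    + [(T0 + timedelta(seconds=10 * i), "198.51.100.7", "alice", False) for i in range(20)]
    # ordinary mistyped password followed by a good login
    + [(T0, "192.0.2.5", "bob", False), (T0 + timedelta(minutes=1), "192.0.2.5", "bob", True)]
)

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Return {source_ip: [accounts]} for sources whose failed sign-ins within one
    sliding window hit at least min_accounts distinct accounts while no account
    sees more than max_per_account failures (the low-and-slow spray signature)."""
    failures = defaultdict(list)
    for ts, ip, account, success in events:
        if not success:
            failures[ip].append((ts, account))
    flagged = {}
    for ip, rows in failures.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # shrink the window from the left until it spans at most `window`
            while rows[end][0] - rows[start][0] > window:
                start += 1
            counts = Counter(acct for _, acct in rows[start:end + 1])
            if (len(counts) >= min_accounts and max(counts.values()) <= max_per_account
                    and len(counts) > len(flagged.get(ip, []))):
                flagged[ip] = sorted(counts)  # keep the widest qualifying window
    return flagged

def successes_from_flagged(events, flagged):
    """Accounts that logged in successfully from a flagged source: reset these first."""
    return sorted({(ip, acct) for _, ip, acct, ok in events if ok and ip in flagged})

if __name__ == "__main__":
    hits = detect_spray(SAMPLE)
    print(hits)
    print(successes_from_flagged(SAMPLE, hits))
```

A success from a flagged source is the signal that matters most: it marks an account whose password was guessed and that needs a reset and session revocation, regardless of how many other attempts failed.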
Source: www.bleepingcomputer.com · Published July 1, 2026
Lumi AI News — AI-assisted curation pursuant to Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.