Over 80,000 Microsoft Entra ID accounts were targeted by password-spraying attacks using a legitimate penetration testing tool, resulting in a few compromised accounts.
Hackers used the TeamFiltration tool to automate attacks on Entra ID accounts, abusing the Microsoft Teams API and AWS servers globally.
The campaign, referred to as UNK_SneakyStrike, began around December 2024 and originated from various geographies including the US, Ireland, and Great Britain.
In several instances, attackers successfully accessed Microsoft Teams, OneDrive, and Outlook data after infiltrating user accounts.
No specific threat actor has been identified in the campaign; the focus is on the misuse of legitimate tools for malicious purposes.
Researchers anticipate an increase in the adoption of advanced intrusion tools by threat actors.