Large Botnet Targets Microsoft 365 Accounts with Password-Spraying Attacks

A botnet consisting of over 130,000 devices is targeting Microsoft 365 (M365) accounts worldwide through password-spraying attacks. Researchers at SecurityScorecard have discovered that this botnet bypasses multi-factor authentication (MFA) by exploiting basic authentication. The attackers are specifically targeting accounts protected by this authentication method. Experts emphasize that organizations must remain vigilant against these threats.