**Massive Botnet Targets Microsoft 365 Accounts Across the World**
A new password spraying attack targeting organizations and Microsoft 365 (M365) accounts in the West has been spotted, focusing on Non-Interactive Sign-Ins. Hackers, possibly of Chinese affiliation, are using infrastructure "tied to" CDS Global Cloud and UCLOUD HK to launch the campaign. SecurityScorecard researchers claim that businesses relying on M365 for email, document storage, and collaboration are at particular risk.
- The sophistication and scale of this attack highlight the ongoing cat-and-mouse game between attackers and defenders in the battle against authentication vulnerabilities.
- What measures can organizations take to protect their M365 accounts from being compromised by these types of targeted attacks?