BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Azure CLI Hit By Massive Password Spray Attack

LSHIY LLC launched 81M-attack bypassing MFA via deprecated OAuth flaw.

  • A massive, automated password spray attack originating from LSHIY LLC made over 81 million login attempts against Microsoft’s Azure CLI between June 12 and 26, 2026.
  • The campaign successfully compromised at least 78 Microsoft accounts across 64 organizations by exploiting a deprecated OAuth flow to bypass Conditional Access policies.
  • Many impacted organizations had Multi-Factor Authentication (MFA), but it was not enforced for the specific authorization flow or client application used by the attackers.
  • The attack specifically weaponized old, breached username/password combinations that had never been rotated by the users.
  • Cybersecurity firm Huntress reported witnessing credential spray attacks surge by over 155 times across its customer base.

Cybersecurity researchers have uncovered a massive, automated campaign compromising dozens of Microsoft accounts by exploiting a legacy security flaw. This ongoing password spray attack, detected by Huntress, targeted Microsoft’s Azure command-line interface (CLI) from June 12 to June 26, 2026.

- Advertisement -

Originating from an IPv6 address range controlled by LSHIY LLC, the threat actor made more than 81 million login attempts during that period. Consequently, they successfully compromised at least 78 user accounts spread across 64 different organizations.

However, the attack’s scale is not its only notable feature. The campaign leveraged a deprecated OAuth flow called Resource Owner Password Credentials (ROPC) to bypass Conditional Access Policy protections.

Microsoft explicitly recommends against using ROPC, arguing it’s incompatible with multi-factor authentication. “In most scenarios, more secure alternatives are available and recommended,” the company says in its documentation.

The credential spray resulted in a handful of successful logins daily, averaging two to four compromised accounts. Meanwhile, the activity surged on June 22, impacting 30 identities across 23 businesses in a single day.

- Advertisement -

These attacks specifically weaponized old username and password combinations from prior breaches. The use of the ROPC vector allowed attackers to target enterprises where MFA was not enforced for Azure CLI logins.

Common misconfigurations included enforcing MFA only for specific apps or user groups, like Admins. Additionally, eight impacted businesses had no MFA policy at all.

Huntress researchers concluded the attack reveals cracks in poorly configured Conditional Access Policies. “One glaring error here is that legacy protocols like ROPC can bypass some poorly-configured CAPs entirely,” they stated.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Web3 Warsaw 2026 — Eastern Europe’s Largest Blockchain Conference Returns This September

Web3 Warsaw 2026, the largest blockchain and technology conference in Eastern Europe, will take...

Michael Burry Shorts Tesla at $416 Ahead of Q2 Report

Famed investor Michael Burry disclosed a short position in Tesla at $416.22 ahead of...

Michael Saylor’s credit pivot as BTC-focused firm tanks

Michael Saylor's public messaging pivoted from disparaging credit to praising it in June 2025.His...

RustDuck malware builds DDoS botnet, evolves in Rust

A new botnet called RustDuck is hijacking home routers and servers to launch DDoS...

Major Firms Back OUSD as Clarity Act Advances

A consortium including VISA, Mastercard, BlackRock, and Coinbase is backing a new stablecoin, Open...

Must Read

Top 10 BEST Crypto Trading Books for New Traders

If you're thinking of diving into the crypto trading space, acquiring solid knowledge isn't just recommended - it's essential to protect your investment.Learning...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading