Digital Forensic, Research and Analytics Center

Wednesday, December 7, 2022
HomeOnline FraudMicrosoft Office 365 customer accounts breached by new hacking group

Microsoft Office 365 customer accounts breached by new hacking group

Published on

Subscribe us

On October 11,2021, Microsoft reported that a new group of hackers have been identified who have been targeting Office 365 tenants and customers. Over 250 tenants and about 20 user accounts have been compromised as of now. 

The attacks seem to be still continuing with more accounts compromised each day. The targets have been identified to be focused on US based entities and Israeli defense companies amongst other companies in the Middle East.

The group has been using the technique of password spraying which means that hackers use the same password over and over again only changing the username each time. The investigation of this attack has been named DEV-0343

How password spraying works

The attacks have usually been taking place with Tor IP addresses and imitating Firefox browser agents. Before the attacks hit however, the group first enumerates active employee accounts of an organization and then starts the spraying of passwords. Enumeration of accounts is done through Autodiscover and Autosync which are servers offered by Exchange. 

Thousands of Tor IP addresses can be used in just one attack. While Microsoft is still investigating the group, the attacks are still taking place and have not slowed down yet. Such frequent attacks might slow down Microsoft’s promise to go passwordless in the future. 

- Advertisement -[automatic_youtube_gallery type="channel" channel="UCY5tRnems_sRCwmqj_eyxpg" thumb_title="0" thumb_excerpt="0" player_description="0"]
DFRAC Editor
DFRAC Editor
Digital Forensics, Research and Analytics Centre (DFRAC) is a non-partisan and independent media organisation which focuses on fact-checking and identifying hate speech. With the popularisation of the internet came the challenge of information overload and often times, our feeds are overpopulated with conflicting, incendiary and false information which is increasingly becoming difficult to ignore and not believe in

Popular of this week

Latest articles

 Did Supriya Shrinate call Rahul Gandhi a Dhongee Hindu? Read- Fact Check

A video is getting viral on social media sites with a claim that Congress...

Does the passenger break window panes of the flight for not allowing namaz in flight? Read- Fact Check

A video is getting viral on social media sites. While sharing this video, users...

Old video of voter fraud at the West Bengal Assembly elections 2022 getting viral as Gujarat elections? Read-fact check

The first phase of the Gujarat Assembly elections took place on December 1, 2022....

Did Digvijaya Singh pray to Allah on the Hindu leader’s death? Read- Fact Check

Congress leader Mangilal Shah passed away on his way to Madhya Pradesh to attend...

all time popular

More like this

YONO App: Another Lead to Online Banking Scam

India loses 100 crores, every day to bank fraud as per the RBI in...

 A Report on username changing Accounts on Twitter

People often use usernames for their profiles to own a recognized account on Twitter....

Co-location Scam, The biggest stock market scam in India?

The biggest stock market scam has already taken place or the matter is yet...

Sextortion: A Prevalent Online Scam in India

An elevation of 11% was witnessed in the year 2020 regarding cyber crime. In...

Hacked installed malware detected on website selling nobility titles

The Principality of Sealand is a small island nation in the North Sea and...

Ransomware attacks are spreading far and wide within India

 According to a new report, hackers are targeting senior citizens and middle aged people...