Summary: Threat actors are using the FastHTTP Go library to run high-speed brute-force password attacks against Microsoft 365 accounts, with a notable success rate. This campaign, identified by SpearTip, began on January 6, 2024, and primarily targets the Azure Active Directory Graph API.
Threat Actor: Unknown
Victim: Microsoft 365
Key Points:
- Brute-force attacks have a 10% success rate for account takeovers.
- 65% of the malicious traffic originates from Brazil.
- 41.5% of attacks fail, while 21% result in account lockouts.
- Administrators can use a PowerShell script to detect the FastHTTP user agent in audit logs.
- Immediate actions recommended include expiring user sessions and resetting credentials if malicious activity is detected.
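
The detection and triage steps above, as an added PowerShell example (not SpearTip's script): it filters sign-in records for a `fasthttp` user agent and summarises the outcomes per account. The records are constructed, and the field names are assumed to match a JSON export of your Entra ID sign-in logs.

```powershell
# Added example. Field names (userAgent, userPrincipalName, ipAddress,
# createdDateTime, status.errorCode) are assumed to match your log export.
function Get-FastHttpSignInSummary {
    param([Parameter(Mandatory)][object[]]$SignIn)

    # -match is case-insensitive; records without a user agent never match.
    $hits = $SignIn | Where-Object { $_.userAgent -match 'fasthttp' }

    foreach ($g in ($hits | Group-Object -Property userPrincipalName)) {
        $codes   = @($g.Group | ForEach-Object { [int]$_.status.errorCode })
        $success = @($codes | Where-Object { $_ -eq 0 }).Count      # 0 = sign-in succeeded
        $lockout = @($codes | Where-Object { $_ -eq 50053 }).Count  # 50053 = account locked
        [pscustomobject]@{
            User       = $g.Name
            Attempts   = $g.Count
            Succeeded  = $success
            LockedOut  = $lockout
            Failed     = $g.Count - $success - $lockout
            SourceIPs  = ($g.Group.ipAddress | Sort-Object -Unique) -join ', '
            FirstSeen  = ($g.Group.createdDateTime | Sort-Object | Select-Object -First 1)
            # A success from this client is the case that calls for session
            # expiry and a credential reset.
            NeedsReset = $success -gt 0
        }
    }
}

# Constructed sample records (documentation IP ranges, example.com accounts).
# 50126 = invalid username or password.
$sample = @'
[
 {"createdDateTime":"2024-01-10T10:00:01Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.10","userAgent":"fasthttp","status":{"errorCode":50126}},
 {"createdDateTime":"2024-01-10T10:00:02Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.10","userAgent":"fasthttp","status":{"errorCode":50126}},
 {"createdDateTime":"2024-01-10T10:00:03Z","userPrincipalName":"alice@example.com","ipAddress":"203.0.113.11","userAgent":"fasthttp","status":{"errorCode":0}},
 {"createdDateTime":"2024-01-10T10:00:04Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.7","userAgent":"fasthttp","status":{"errorCode":50126}},
 {"createdDateTime":"2024-01-10T10:00:05Z","userPrincipalName":"bob@example.com","ipAddress":"198.51.100.7","userAgent":"fasthttp","status":{"errorCode":50053}},
 {"createdDateTime":"2024-01-10T10:05:00Z","userPrincipalName":"carol@example.com","ipAddress":"192.0.2.44","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64)","status":{"errorCode":0}}
]
'@ | ConvertFrom-Json

Get-FastHttpSignInSummary -SignIn $sample |
    Sort-Object Succeeded -Descending | Format-Table -AutoSize
```

For real data, replace `$sample` with the parsed contents of your exported sign-in log file.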