Research February 24, 2025

Massive Botnet Targets M365 with Stealthy Password Spraying Attacks

A Technical Breakdown of Large-Scale Password Spraying Through Non-Interactive Sign-Ins

Your SIEM isn’t flagging it. MFA isn’t stopping it. Attackers are exploiting non-interactive sign-ins to run high-volume password spraying attacks against Microsoft 365, slipping past detection and locking in persistent access.

In this report:

How attackers are evading Conditional Access and MFA to compromise accounts.
What to look for in your logs—the key signals buried in non-interactive authentication events.
Practical steps to disrupt these attacks before access is leveraged.

Read the full technical breakdown now.