FastHTTP hackers are aiming at Microsoft 365 passwords.
SOPA Images/LightRocket via Getty Images

As Microsoft users recover from the news that three zero-day Windows vulnerabilities have been actively exploited, and there has been a surge in Russian cyber espionage attacks against Windows users, there’s more bad news for Microsoft 365 account holders. Newly published research has warned that Microsoft 365 accounts are being targeted by hackers using a high-speed brute force password attack methodology. Here’s what you need to know.
Microsoft 365 Account Passwords Targeted In High-Speed FastHTTP Attacks
An emerging hack attack campaign that leverages the FastHTTP high-performance server and client library for the Go programming language was identified by researchers from the SpearTip Security Operations Center, Jan. 13. The researchers said that it appears the FastHTTP framework is “being used to gain unauthorized access to accounts through brute-force login attempts and spamming multi-factor authentication requests.” Data analyzed from a large set of Microsoft 365 tenants, SpearTip researchers Djurre Hoeksema, James Rigdon and Benjamin Jones said, indicated that FastHTTP was “first observed as a user agent on January 6th, 2025.” The report confirmed that all of the observed attempts have been targeting the Azure Active Directory Graph API. The hacking traffic mainly originated from Brazil, accounting for 65% of the total, with the remaining attackers coming out of Argentina, Iraq, Pakistan, Turkey and Uzbekistan.
The revelation that hackers are using the FastHTTP Go library to conduct high-speed brute-force password attacks against Microsoft 365 accounts is “a stark reminder of the evolving tactics employed by cybercriminals,” Roei Sherman, field chief technology officer at Mitiga, said. “This alarming trend underscores the urgency for organizations to enhance their cybersecurity protocols and adopt more robust protective measures.” FastHTTP provides a distinct advantage to attackers, Sherman warned, “aiming to compromise accounts through brute-force methods by rapidly iterating through numerous password combinations.” As the report stated, these ongoing attacks are not only widespread but also capable of bypassing traditional security layers, often leading to successful account takeovers.
Mitigating The Microsoft 365 Account FastHTTP Brute-Force Hacking Risk
The SpearTip researchers said that it’s possible to quickly check for potential indicators of compromise from the FastHTTP brute-force attack by reviewing Entra ID sign-in logs via the Azure Portal.
- Log in to the Azure Portal.
- Navigate to Microsoft Entra ID → Users → Sign-in Logs.
- Apply the filter Client app: “Other Clients”.
- While this filter may return false positives, the “User Agent” field under Basic Information in the logs can be reviewed for confirmation; the user agent will be “fasthttp.”
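
The same check can be run over an exported copy of the sign-in logs. The following is an added example, not code from the SpearTip report: it keeps only records whose user agent is fasthttp, summarises them per account, and lists accounts where such a sign-in succeeded. The field names follow the Microsoft Graph signIn resource, and the sample records, addresses and the `triage_fasthttp` and `compromised_candidates` names are constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records, not real data. Field names follow the Microsoft
# Graph signIn resource; that an export uses the same names is an assumption.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Other clients",
     "userAgent": "fasthttp", "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Other clients",
     "userAgent": "fasthttp", "ipAddress": "203.0.113.11", "status": {"errorCode": 50126}},
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Other clients",
     "userAgent": "fasthttp", "ipAddress": "203.0.113.11", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "Other clients",
     "userAgent": "fasthttp", "ipAddress": "198.51.100.7", "status": {"errorCode": 50053}},
    # Matches the "Other clients" filter but not the user agent: a false positive.
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Other clients",
     "userAgent": "ExampleMailClient/1.0", "ipAddress": "192.0.2.44", "status": {"errorCode": 0}},
])


def triage_fasthttp(records):
    """Summarise sign-ins whose user agent is fasthttp, grouped by account."""
    summary = defaultdict(lambda: {"failed": 0, "succeeded": 0, "ips": set()})
    for rec in records:
        agent = (rec.get("userAgent") or "").strip().lower()
        if "fasthttp" not in agent:
            continue  # the client-app filter alone is not confirmation
        entry = summary[(rec.get("userPrincipalName") or "unknown").lower()]
        code = (rec.get("status") or {}).get("errorCode")
        # errorCode 0 is a successful sign-in; anything else counts as failed.
        entry["succeeded" if code == 0 else "failed"] += 1
        if rec.get("ipAddress"):
            entry["ips"].add(rec["ipAddress"])
    return dict(summary)


def compromised_candidates(summary):
    """Accounts with at least one successful fasthttp sign-in, to review first."""
    return sorted(upn for upn, s in summary.items() if s["succeeded"] > 0)


if __name__ == "__main__":
    result = triage_fasthttp(json.loads(SAMPLE_EXPORT))
    for upn, s in sorted(result.items()):
        print(upn, "failed:", s["failed"], "succeeded:", s["succeeded"], sorted(s["ips"]))
    print("review first:", compromised_candidates(result))
```
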
Sherman, meanwhile, said that for those using Microsoft 365, some precautionary mitigation measures included:
- Adopt multi-factor authentication.
- Strengthen password policies.
- Monitor login activity.
- Educate employees.
- Utilize account lockout policies.
I have reached out to Go and Microsoft for a statement regarding the FastHTTP brute-force Microsoft 365 password attacks.