2025-01-17 16:36:15 Pacfic
FastHTTP Used in High-Speed Microsoft 365 Attacks - 8h
Hackers are exploiting the FastHTTP library, written in Go, to conduct rapid brute-force password attacks against Microsoft 365 accounts worldwide. These attacks are characterized by generating a high volume of HTTP requests aimed at Azure Active Directory endpoints. The technique leverages the high-performance nature of FastHTTP to accelerate credential-based attacks. SpearTip, an incident response firm, reported that this malicious activity began on January 6th, 2025. Analysis reveals a significant portion of the attack traffic originates from Brazil, with other countries like Turkey, Argentina, Uzbekistan, and Pakistan also involved. These attacks primarily target the Azure Active Directory Graph API, utilizing the 'fasthttp' user agent. While most attempts failed due to authentication failures, locked accounts, and policy violations, a concerning 9.7% of attacks resulted in successful account takeovers. The attacks involved brute-force and multi-factor authentication fatigue attempts. Security experts recommend that administrators promptly assess potential compromises, manually verify user agents through the Azure portal, immediately expire user sessions, and reset account credentials upon detecting any suspicious activity. They also recommend a review of MFA devices linked to potentially compromised accounts.
ImgSrc: files.cyberriskalliance.com
References:
- cyberpress.org - Hackers Using ‘Fast HTTP’ in Targeting Microsoft 365 Password Stealing Attack - 9h
- @BleepingComputer - Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. - 9h
- www.bleepingcomputer.com - Hackers use FastHTTP in new high-speed Microsoft 365 password attacks - 9h
- SCM feed for Threat Management - Advanced Microsoft 365-targeted brute-force attacks enabled by FastHTTP - 9h
Classification:
- HashTags: Microsoft365 BruteForce FastHTTP
- Company: Microsoft
- Target: Microsoft 365 accounts
- Product: Microsoft 365
- Feature: FastHTTP Brute Force
- Type: Hack
- Severity: Major