Cybersecurity experts detect a massive botnet-driven password attack on Microsoft 365 that targets key industries.
Cybersecurity researchers have identified a large-scale password spraying attack on Microsoft 365 accounts, primarily targeting sectors like finance, healthcare, and technology.
The attackers, potentially from China, use a botnet of over 130,000 compromised devices to exploit non-interactive sign-ins, bypassing multi-factor authentication and avoiding security alerts.
Organizations are advised to review their sign-in logs, rotate flagged credentials, and disable legacy authentication protocols to mitigate the risk.
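The sign-in log review recommended above can be automated; the following Python is an added example, not code from the researchers' report. It flags accounts hit by bad-password failures in non-interactive sign-ins across many accounts and addresses, then lists the flagged accounts that later signed in successfully. Field names follow the Microsoft Graph signIn resource; the sample records, thresholds and function names are constructed for illustration.

```python
from datetime import datetime, timedelta

INVALID_PASSWORD = 50126  # Entra ID sign-in error: invalid username or password
SUCCESS = 0

def _rec(ts, upn, ip, code, interactive=False):
    # Field names follow the Microsoft Graph signIn resource.
    return {"createdDateTime": ts, "userPrincipalName": upn, "ipAddress": ip,
            "isInteractive": interactive, "status": {"errorCode": code}}

# Constructed sample records (not real data): one guess per account, each from
# a different address, as a distributed botnet would produce.
SAMPLE = [
    _rec("2025-01-15T10:00:05Z", "alice@example.com", "198.51.100.7", INVALID_PASSWORD),
    _rec("2025-01-15T10:03:40Z", "bob@example.com", "203.0.113.24", INVALID_PASSWORD),
    _rec("2025-01-15T10:07:12Z", "carol@example.com", "192.0.2.91", INVALID_PASSWORD),
    _rec("2025-01-15T10:09:30Z", "bob@example.com", "198.51.100.66", SUCCESS),
    _rec("2025-01-15T10:15:00Z", "dave@example.com", "192.0.2.10", INVALID_PASSWORD, interactive=True),
    _rec("2025-01-15T14:00:00Z", "erin@example.com", "203.0.113.5", INVALID_PASSWORD),
]

def _time(rec):
    return datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")

def sprayed_accounts(records, window=timedelta(minutes=30), min_users=3):
    """Accounts with non-interactive bad-password failures where one time window
    holds failures for at least min_users distinct accounts, from any address."""
    fails = sorted((_time(r), r["userPrincipalName"]) for r in records
                   if not r["isInteractive"]
                   and r["status"]["errorCode"] == INVALID_PASSWORD)
    flagged, start = set(), 0
    for end, (t_end, _) in enumerate(fails):
        while t_end - fails[start][0] > window:
            start += 1  # slide the window forward
        users = {u for _, u in fails[start:end + 1]}
        if len(users) >= min_users:
            flagged |= users
    return flagged

def credentials_to_rotate(records, flagged):
    """Flagged accounts with a non-interactive success after a failed guess."""
    failed, rotate = set(), set()
    for r in sorted(records, key=_time):
        user, code = r["userPrincipalName"], r["status"]["errorCode"]
        if r["isInteractive"] or user not in flagged:
            continue
        if code == INVALID_PASSWORD:
            failed.add(user)
        elif code == SUCCESS and user in failed:
            rotate.add(user)
    return rotate
```

Grouping by time window rather than by source address matters here because a botnet of this size spreads its guesses over many addresses, so per-address failure counts stay low.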