Microsoft officials highlighted that any threat actor leveraging the CovertNetwork-1658 infrastructure can execute password spraying campaigns on a massive scale, elevating the likelihood of credential compromise significantly.
The botnet is highly evasive due to its operational strategy, which involves sending numerous login attempts from different IPs, making it difficult for targeted services to detect breaches.
This malicious operation utilizes more than 8,000 compromised devices, primarily TP-Link routers, to stealthily target Azure accounts, indicating a well-coordinated attack strategy.
Researchers from Serbia and Team Cymru confirmed that the Botnet-7777 remains active, showcasing its enduring capacity for large-scale password spray attacks against Microsoft Azure users.
Collection
[
|
...
]