Hackers Exploit FastHTTP Library to Conduct Rapid Brute Force Attacks on Global Microsoft 365 Accounts
2025-01-15

Throughout 2024, Microsoft accounts were increasingly targeted by brute force attacks and other unauthorized login attempts, leading to a surge in login failure logs for users. Despite this, Microsoft has yet to issue an official statement on the matter. Recently, the cybersecurity firm SpearTip released a report revealing that hackers have leveraged the FastHTTP Go library to mount large-scale attacks on the Microsoft Azure Active Directory Graph API. Unlike brute force attacks aimed at individual Microsoft accounts, this campaign specifically targets critical components of enterprise user identity management and access control systems.

The attackers automate unauthorized login attempts, either guessing passwords by brute force or repeatedly triggering multi-factor authentication. SpearTip found that the majority of the malicious traffic originated from Brazil, with additional traffic from countries such as Turkey and Argentina. While many of these attacks were unsuccessful, hackers still managed to gain access to some accounts, potentially jeopardizing user data security.
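For defenders, the three behaviours described above (password guessing, repeated MFA triggering, and the occasional successful login) can be looked for in sign-in logs with a sliding-window count. The following is an added example, not code from SpearTip or Microsoft; the event fields, result labels and thresholds are simplified assumptions, and the "fasthttp" user-agent value assumes the client left the library's default string unchanged.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, user, source IP, user agent, result).
# Field names and result labels are simplified assumptions, not a real schema.
EVENTS = [
    ("2025-01-06T10:00:01", "alice@example.com", "203.0.113.7", "fasthttp", "bad_password"),
    ("2025-01-06T10:00:02", "alice@example.com", "203.0.113.7", "fasthttp", "bad_password"),
    ("2025-01-06T10:00:03", "bob@example.com", "203.0.113.7", "fasthttp", "bad_password"),
    ("2025-01-06T10:00:04", "bob@example.com", "203.0.113.7", "fasthttp", "bad_password"),
    ("2025-01-06T10:00:05", "carol@example.com", "203.0.113.7", "fasthttp", "bad_password"),
    ("2025-01-06T10:00:09", "carol@example.com", "203.0.113.7", "fasthttp", "success"),
    ("2025-01-06T10:01:00", "dave@example.com", "198.51.100.20", "fasthttp", "mfa_prompt"),
    ("2025-01-06T10:01:20", "dave@example.com", "198.51.100.20", "fasthttp", "mfa_prompt"),
    ("2025-01-06T10:01:40", "dave@example.com", "198.51.100.20", "fasthttp", "mfa_prompt"),
    ("2025-01-06T09:00:00", "erin@example.com", "192.0.2.44", "Mozilla/5.0", "bad_password"),
    ("2025-01-06T09:20:00", "erin@example.com", "192.0.2.44", "Mozilla/5.0", "success"),
]

def recent(stamps, now, window):
    """Keep only timestamps inside the sliding window that ends at `now`."""
    return [s for s in stamps if now - s <= window]

def detect(events, window=timedelta(minutes=5), fail_limit=5, mfa_limit=3):
    """Return (kind, subject, user_agent) findings; limits are assumed tuning values."""
    fails = defaultdict(list)    # source IP -> times of failed passwords
    prompts = defaultdict(list)  # user -> times of MFA prompts
    findings = []
    for ts, user, ip, agent, result in sorted(events):
        now = datetime.fromisoformat(ts)
        fails[ip] = recent(fails[ip], now, window)
        prompts[user] = recent(prompts[user], now, window)
        if result == "bad_password":
            fails[ip].append(now)
            if len(fails[ip]) == fail_limit:      # fire once per burst
                findings.append(("password_guessing", ip, agent))
        elif result == "mfa_prompt":
            prompts[user].append(now)
            if len(prompts[user]) == mfa_limit:
                findings.append(("mfa_prompt_flood", user, agent))
        elif result == "success" and len(fails[ip]) >= fail_limit:
            # Success straight after a failure burst from the same IP:
            # treat the account as compromised until credentials are reset.
            findings.append(("success_after_guessing", user, agent))
    return findings

if __name__ == "__main__":
    for finding in detect(EVENTS):
        print(finding)
```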

This incident underscores the need for both users and enterprises to strengthen their account security measures and remain vigilant against evolving cybersecurity threats.