Interesting, but from the article I haven't understood how they actually managed to group together the 24 Users Targeted in 1 Week and understand that this was a malicious attack.

4gotunameagain
It seems like marketing blogspam.

Anyone can come up with multiple hypothetical scenarios and fixes, share them, and, as we see, reach the HN front page.

petergs
Yeah agreed that there wasn’t much information there.

Having investigated similar password spray attacks, I’m guessing they just looked at the entire set of failed Azure CLI logins from the same ASN (AS6939). Then that activity was distinct enough from usual activity in the tenant to suspect it’s part of the same campaign (no prior logins from AS6939, little to no legitimate use of Azure CLI, or the job profile of the targeted users doesn’t align with usage of Azure CLI).

advisedwang
Probably look for other attacks from the same AS, geo-ip, or some other proxy of being from that one datacenter.
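The grouping petergs and advisedwang describe above, sketched as an added example that is not part of the thread or the article: failed Azure CLI logins are clustered by source ASN, and a cluster is kept only when that ASN has no prior successful logins in the tenant. The record fields, the `min_users` threshold, the user names and the sample data are constructed assumptions, not a real sign-in log schema.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sign-in records (simplified fields, not a real log schema).
def _rec(day, user, app, asn, ok):
    return {"time": datetime(2025, 1, day), "user": user,
            "app": app, "asn": asn, "success": ok}

BASELINE = [  # earlier activity in the tenant (ASNs 64500/64501 are placeholders)
    _rec(2, "alice", "Office 365", 64500, True),
    _rec(3, "bob", "Azure Portal", 64500, True),
    _rec(4, "devops1", "Azure CLI", 64501, True),
]
WINDOW = [  # the week under review
    _rec(20, "alice", "Azure CLI", 6939, False),
    _rec(20, "bob", "Azure CLI", 6939, False),
    _rec(21, "carol", "Azure CLI", 6939, False),
    _rec(21, "devops1", "Azure CLI", 64501, True),   # normal CLI user, known ASN
    _rec(22, "bob", "Office 365", 64500, False),     # ordinary typo, different app
]

def find_spray_clusters(baseline, window, app="Azure CLI", min_users=3):
    """Group failed logins to `app` by ASN; keep clusters new to the tenant."""
    known_asns = {r["asn"] for r in baseline if r["success"]}
    app_users = {r["user"] for r in baseline if r["app"] == app and r["success"]}
    by_asn = defaultdict(list)
    for r in window:
        if r["app"] == app and not r["success"]:
            by_asn[r["asn"]].append(r)
    clusters = []
    for asn, recs in by_asn.items():
        users = {r["user"] for r in recs}
        if asn in known_asns or len(users) < min_users:
            continue  # ASN has legitimate history, or too few targets for a spray
        clusters.append({
            "asn": asn,
            "targeted_users": sorted(users),
            # targets who never used the app before: profile does not match
            "never_used_app": sorted(users - app_users),
            "first_seen": min(r["time"] for r in recs),
            "last_seen": max(r["time"] for r in recs),
        })
    return clusters

if __name__ == "__main__":
    for cluster in find_spray_clusters(BASELINE, WINDOW):
        print(cluster)
```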
