APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins
2020-09-11 20:28

The Russia-linked threat group known as APT28 has changed up its tactics to include Office 365 password-cracking and credential-harvesting.

The attacks utilized a daily average of 1,294 IPs associated with 536 netblocks and 273 ASNs, and organizations typically see more than 300 authentication attempts per hour per targeted account over the course of several hours or days.

Overall, organizations targeted by these attacks saw widespread authentication attempts throughout their footprints, with an average of 20 percent of total accounts suffering an attack.

"In some instances the tooling may have discovered these accounts simply by attempting authentications against a large number of possible account names until it found ones that were valid," according to the computing giant.

APT28 - believed to be tied to Russian military intelligence - has attacked more than 200 organizations this year, including political campaigns, advocacy groups, parties and political consultants, Microsoft noted.


News URL

https://threatpost.com/apt28-theft-office365-logins/159195/