Hackers Exploit FastHTTP in High-Speed Microsoft 365 Attacks

Threat actors are employing the FastHTTP Go library to launch high-speed brute-force password attacks on Microsoft 365 accounts worldwide. The campaign, detected by incident response firm SpearTip, began on January 6, 2025, and primarily targets the Azure Active Directory Graph API.

FastHTTP, a high-performance HTTP server and client library for the Go programming language, is being misused to automate HTTP requests for unauthorized login attempts. Attackers also exploit this tool for Multi-Factor Authentication (MFA) Fatigue attacks, overwhelming users with repeated MFA challenges to gain access.

Attack Patterns and Success Rates

An investigation by security firm SpearTip revealed that 65% of the malicious traffic originates from Brazil, with other significant activity from Turkey, Argentina, Uzbekistan, Pakistan, and Iraq. The attack outcomes show alarming trends:

  • 41.5% of attacks fail.
  • 21% result in account lockouts due to security mechanisms.
  • 17.7% are blocked by access policy violations.
  • 10% are thwarted by MFA protections.

However, 9.7% of attempts successfully authenticate, a concerningly high success rate for such attacks.

The campaign underscores the risk of account takeovers, leading to potential exposure of confidential data, intellectual property theft, and operational disruptions.

Detection and Mitigation

SpearTip has provided guidance for administrators to detect and defend against these attacks. A PowerShell script has been shared to identify the FastHTTP user agent in audit logs. Alternatively, admins can manually review sign-in logs via the Azure portal by filtering for the client app “Other Clients.”

If suspicious activity is detected, SpearTip advises immediate actions, including:

  • Expiring user sessions and resetting account credentials.
  • Reviewing authorized MFA devices and removing unauthorized ones.
  • Following the list of indicators of compromise provided in SpearTip’s report.
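
The log review and response steps above, as an added example (this is not SpearTip's PowerShell script): a Python triage over sign-in records exported as JSON. Field names follow the Microsoft Graph signIn resource; the lowercase `fasthttp` substring match, the mapping of error codes to the article's outcome categories, and the sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample sign-in records (documentation IPs, example.com accounts).
SAMPLE = [
    {"userPrincipalName": "alice@example.com", "userAgent": "fasthttp",
     "ipAddress": "203.0.113.10", "status": {"errorCode": 50126}},
    {"userPrincipalName": "alice@example.com", "userAgent": "fasthttp",
     "ipAddress": "203.0.113.11", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "userAgent": "fasthttp",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@example.com", "userAgent": "fasthttp",
     "ipAddress": "198.51.100.7", "status": {"errorCode": 50053}},
    {"userPrincipalName": "carol@example.com", "userAgent": "Mozilla/5.0",
     "ipAddress": "192.0.2.44", "status": {"errorCode": 0}},
    {"userPrincipalName": "dave@example.com", "userAgent": None,
     "ipAddress": "192.0.2.45", "status": {"errorCode": 50126}},
]

# Entra ID sign-in error codes mapped to the outcome categories in the article
# (assumed mapping: bad password, lockout, Conditional Access block, MFA required).
OUTCOMES = {0: "success", 50126: "failed", 50053: "lockout",
            53003: "policy_block", 50074: "mfa", 50076: "mfa"}

def triage(records, needle="fasthttp"):
    """Per-account outcome counts and source IPs for matching user agents."""
    hits = defaultdict(lambda: {"outcomes": Counter(), "ips": set()})
    for rec in records:
        agent = (rec.get("userAgent") or "").lower()  # field may be null
        if needle not in agent:
            continue
        entry = hits[rec["userPrincipalName"].lower()]
        code = rec.get("status", {}).get("errorCode")
        entry["outcomes"][OUTCOMES.get(code, f"other_{code}")] += 1
        entry["ips"].add(rec["ipAddress"])
    return dict(hits)

def needs_response(hits):
    """Accounts the tool authenticated to: expire sessions, reset, review MFA."""
    return sorted(u for u, e in hits.items() if e["outcomes"]["success"])

if __name__ == "__main__":
    hits = triage(SAMPLE)
    for user, entry in sorted(hits.items()):
        print(user, dict(entry["outcomes"]), sorted(entry["ips"]))
    print("respond first:", needs_response(hits))
```

Accounts returned by `needs_response` are the ones where a matching sign-in succeeded, so they are the first candidates for the session expiry, credential reset and MFA device review listed above.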

This campaign highlights the importance of robust security measures, including enforced MFA policies and vigilant monitoring, to safeguard Microsoft 365 accounts against evolving threats.

A link to the report: https://www.speartip.com/fasthttp-used-in-new-bruteforce-campaign/
