Massive Password Spray Attack Bypasses Azure Conditional Access via Deprecated OAuth Flow
Cybersecurity researchers have uncovered a large-scale, automated password spray attack targeting **Microsoft Azure CLI**, compromising dozens of accounts. The sophisticated campaign leverages a deprecated OAuth flow, **Resource Owner Password Credentials (ROPC)**, to bypass **Conditional Access Policy (CAP)** protections, even in organizations with MFA enabled.
Cybersecurity researchers at **Huntress** have issued a warning regarding an extensive, automated password spray attack specifically targeting the **Microsoft Azure Command-Line Interface (CLI)**. This ongoing campaign has already compromised at least 78 **Microsoft** accounts across 64 organizations.

### The Scale of the Attack
Between June 12 and June 26, the threat actor behind this operation made over 81 million login attempts. The attacks originate from an IPv6 address range (**2a0a:d683::/32**) controlled by internet infrastructure provider **LSHIY LLC** (AS32167). **Huntress** notes that the targeting appears to be opportunistic, based on password prevalence in compromised combo lists, rather than specific business types or industries.
### Bypassing Conditional Access Policies
What makes this password spray attack particularly concerning is its ability to bypass **Conditional Access Policy (CAP)** protections, even in organizations that had these policies enabled. The campaign exploits a deprecated OAuth flow known as **Resource Owner Password Credentials (ROPC)**.
**ROPC** is a legacy OAuth 2.0 grant type where a user's credentials are directly provided to a client application, which then exchanges them for an access token. **Microsoft** has long recommended against using **ROPC**, highlighting its incompatibility with multi-factor authentication (**MFA**) and the high degree of trust it requires in the application.
### Steady Infiltration and Escalation
Initially, the credential and token spray attacks resulted in a handful of successful logins daily, averaging two to four compromised accounts between June 12 and June 21. However, this cadence intensified on June 22, with 30 identities across 23 businesses being impacted.

While the majority of the activity stemmed from **LSHIY LLC**, some IP addresses resolved to the U.S., with a few others tracing back to China.
### The MFA Blind Spot
The attacks specifically weaponize old, unrotated username/password combinations from previous breaches. The use of the **ROPC** vector allowed attackers to target enterprises with **MFA** implemented, but where it was not universally enforced or configured to account for **Azure CLI ROPC** logins. Scenarios where **MFA** was not triggered included:
* Enforcing **MFA** only for specific applications, failing to cover **Azure CLI** logins.
* Enforcing **MFA** solely for specific user groups, such as administrators.
* Enforcing **MFA** only for requests originating from non-trusted locations.
**Huntress** noted that eight businesses impacted by the campaign had no **MFA** policy whatsoever. However, the key takeaway for organizations with **MFA** is not that it's ineffective, but that its policies must be meticulously configured to address all potential authorization flows.
### Recommendations for Defense
To mitigate this attack vector, organizations are strongly advised to:
* Require **MFA** for **All Users**, **All Cloud Apps**, and **All Client App types** when enabling **CAP**.
* Restrict the **Azure CLI** application for non-admin users.
* Prioritize incident response based on credential validity.
Researchers at **Huntress** conclude that this attack exposes critical weaknesses in improperly configured **CAPs**. Legacy protocols like **ROPC** can entirely bypass some poorly deployed **CAPs** because they do not route through the authorization endpoint where policies are typically enforced, creating a significant security gap.
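To make the "prioritize by credential validity" recommendation concrete, here is an added Python sketch (not code from Huntress or Microsoft) of how a defender could triage Entra ID sign-in records for this pattern: group ROPC sign-ins by source network, flag networks that hit many distinct users, and surface the accounts whose ROPC sign-in actually succeeded. The records are constructed and follow the field names of the Microsoft Graph signIn resource; the errorCode values and the /32 grouping are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Source range the report attributes to LSHIY LLC (AS32167).
SPRAY_NETWORK = ipaddress.ip_network("2a0a:d683::/32")
# Entra sign-in errorCode values (assumed): 0 ok, 50126 bad password, 50076 MFA required.
SUCCESS, BAD_PASSWORD, MFA_REQUIRED = 0, 50126, 50076

# Constructed records shaped like the Graph signIn resource (field subset).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "authenticationProtocol": "ropc",
     "ipAddress": "2a0a:d683:1::10", "status": {"errorCode": BAD_PASSWORD}},
    {"userPrincipalName": "bob@example.com", "authenticationProtocol": "ropc",
     "ipAddress": "2a0a:d683:1::11", "status": {"errorCode": BAD_PASSWORD}},
    {"userPrincipalName": "carol@example.com", "authenticationProtocol": "ropc",
     "ipAddress": "2a0a:d683:2::5", "status": {"errorCode": SUCCESS}},
    {"userPrincipalName": "dave@example.com", "authenticationProtocol": "ropc",
     "ipAddress": "2a0a:d683:2::6", "status": {"errorCode": MFA_REQUIRED}},
    {"userPrincipalName": "carol@example.com", "authenticationProtocol": "oAuth2",
     "ipAddress": "203.0.113.7", "status": {"errorCode": SUCCESS}},
]

def source_network(ip):
    """Collapse an address to its /32 (IPv6) or /24 (IPv4) so one actor groups together."""
    prefix = 32 if ipaddress.ip_address(ip).version == 6 else 24
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def spray_summary(records, min_users=3):
    """Per network: distinct users hit over ROPC and outcomes; many users from one net = spray."""
    per_net = defaultdict(lambda: {"users": set(), "failed": 0, "mfa_blocked": 0, "succeeded": []})
    for rec in records:
        if str(rec.get("authenticationProtocol", "")).lower() != "ropc":
            continue  # only the legacy grant that a narrowly scoped CAP may never evaluate
        net = per_net[source_network(rec["ipAddress"])]
        net["users"].add(rec["userPrincipalName"])
        code = rec["status"]["errorCode"]
        if code == SUCCESS:
            net["succeeded"].append(rec["userPrincipalName"])
        elif code == MFA_REQUIRED:
            net["mfa_blocked"] += 1
        else:
            net["failed"] += 1
    return {n: {**s, "users": len(s["users"]), "flagged": len(s["users"]) >= min_users,
                "reported_range": ipaddress.ip_network(n) == SPRAY_NETWORK}
            for n, s in per_net.items()}

def compromised_accounts(records, min_users=3):
    """Accounts whose ROPC sign-in succeeded from a flagged network: triage these first."""
    return sorted({u for s in spray_summary(records, min_users).values()
                   if s["flagged"] for u in s["succeeded"]})
```

A `mfa_blocked` count from the same network shows where the CAP covered the ROPC flow, while `succeeded` lists the identities that need password resets and session revocation.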