Over 80,000 Microsoft Entra ID Accounts Targeted Using Open-Source TeamFiltration Tool

A new account takeover campaign, codenamed UNK_SneakyStrike, has targeted over 80,000 Microsoft Entra ID accounts using the open-source TeamFiltration tool. The campaign, which began in December 2024, involves user enumeration and password spraying attacks, with each wave originating from a different server in a new geographic location. The findings highlight the misuse of cybersecurity tools by threat actors.