Since July 2024, the platform facilitated the theft of at least 5,000 Microsoft credentials across 94 countries, Microsoft reported. Each subscription allowed criminals to target up to 9,000 email addresses daily, creating a multiplication effect that investigators estimate generated hundreds of millions of malicious messages annually. Most dangerously, Microsoft found that the service could bypass multi-factor authentication protections to steal user credentials and gain persistent access to victims’ systems.
Healthcare systems proved particularly vulnerable, with documented attacks against at least 20 US healthcare organizations, according to Microsoft. The targeting was strategic, as these attacks often served as entry points for ransomware deployment that can shut down hospital systems and endanger patient lives.
The threat was significant enough that Health-ISAC, a healthcare cybersecurity nonprofit, joined Microsoft as a plaintiff in the legal action, the blog added.
