Skip to main content

The Australian Cyber Security Centre (ACSC) is aware of a high volume of ongoing password spray attacks targeting Australian organisations.

Alert status

The password spray attacks target users on standard corporate external services such as webmail, remote desktop access, Active Directory Federated Services (ADFS) or cloud based services such as Office 365. Depending on the credentials and service, successful authentication can potentially lead to the actor gaining access to corporate emails, the corporate directory, global address books, remote desktop services or administrative access.