Password spraying

Tags

CredentialsAuthentication

ATT&CK Tactic

Credential Access (TA0006)Initial Access (TA0001)

ATT&CK Technique

https://attack.mitre.org/techniques/T1110/003/

Incidents

Peach Sandstorm targeting Azure Microsoft email exfiltration by Nobelium Smishing into Entra onto VMWare ransomware APT29 Targeting Zimbra and TeamCity Servers

Last edited

May 19, 2024 9:44 AM

Status

Stub

Defenses

Multi-Factor Authentication (MFA)Password Policies Weak Password Detection Security Keys Bastion Host

Password spraying involves attempting to sign in to many accounts while guessing passwords from a list of the most likely options. This attack relies on the assumption that at least some accounts will be using insecure passwords.

Compare this to brute-forcing, which involves guessing many passwords against a single account, in a way that is usually more apparent in logs.