FBI warns critical infrastructure of ‘push bombing’ and password attacks
The FBI, NSA, and other global authorities are warning vital infrastructure organizations about the rise of password spraying and MFA fatigue (push bombing) attacks.
Hackers use common passwords to access accounts, then repeatedly send MFA requests until a user mistakenly approves one, granting access.
Once in, attackers register their own devices for persistent control.
Targeted services include Microsoft 365, Azure, and Citrix, with lateral movement via Remote Desktop Protocol (RDP) also reported.
Authorities advise strict monitoring, MFA security, and disabling unused accounts to counter these threats.
Read the CISA article for more information.
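One way to act on the monitoring advice, as an added example that is not part of the original article or the CISA advisory: the sketch below scans sign-in events for the sequence described above (password failures across many accounts from one source, a run of unanswered MFA pushes ending in an approval, then a device registration). The event names, thresholds and sample records are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real logs): (epoch_seconds, user, source_ip, event).
# Event names are hypothetical; "mfa_denied" stands for a denied or timed-out push.
EVENTS = [
    (1000, "alice", "203.0.113.7", "pwd_fail"),
    (1005, "bob", "203.0.113.7", "pwd_fail"),
    (1010, "carol", "203.0.113.7", "pwd_fail"),
    (1015, "dave", "203.0.113.7", "pwd_ok"),
    (1020, "dave", "203.0.113.7", "mfa_denied"),
    (1050, "dave", "203.0.113.7", "mfa_denied"),
    (1080, "dave", "203.0.113.7", "mfa_denied"),
    (1110, "dave", "203.0.113.7", "mfa_approved"),
    (1300, "dave", "203.0.113.7", "device_registered"),
    (5000, "erin", "198.51.100.4", "pwd_fail"),
    (5030, "erin", "198.51.100.4", "pwd_ok"),
    (5040, "erin", "198.51.100.4", "mfa_approved"),
]

def spray_sources(events, min_users=3, window=600):
    """Source IPs with password failures on >= min_users distinct accounts within window seconds."""
    fails = defaultdict(list)
    for ts, user, ip, ev in events:
        if ev == "pwd_fail":
            fails[ip].append((ts, user))
    flagged = set()
    for ip, rows in fails.items():
        rows.sort()
        for start, _ in rows:
            users = {u for t, u in rows if 0 <= t - start <= window}
            if len(users) >= min_users:
                flagged.add(ip)
    return flagged

def push_bombed(events, min_denied=3, window=600, reg_window=3600):
    """Map user -> True/False (device registered afterwards) for approvals preceded by a push burst."""
    by_user = defaultdict(list)
    for ts, user, _ip, ev in sorted(events):
        by_user[user].append((ts, ev))
    hits = {}
    for user, rows in by_user.items():
        for ts, ev in rows:
            if ev != "mfa_approved":
                continue
            denied = sum(1 for t, e in rows if e == "mfa_denied" and 0 < ts - t <= window)
            if denied >= min_denied:
                registered = any(e == "device_registered" and 0 <= t - ts <= reg_window for t, e in rows)
                hits[user] = hits.get(user, False) or registered
    return hits
```

An account returned with `True` is the highest-priority finding, since an approval after a push burst followed by a new device registration matches the persistence step the advisory describes.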