Microsoft warned that these attacks are “particularly high risk” for impacted organizations.
The global campaign, which occurred between July and September, mostly targeted organizations in the Americas region.
The two important-severity flaws are publicly known and are part of Microsoft’s regularly scheduled Patch Tuesday releases, which overall included more than 100 fixes.
An Iran state-backed group called Peach Sandstorm is using password spraying attacks to target cloud environments in organizations across many industries.
Microsoft is warning enterprises about a recent Teams-based phishing campaign operated by a developing thrat group known as Storm-0342.