Re: "a password spray attack to compromise a legacy non-production test tenant account"
We are to believe that the hackers went from a legacy test system to accessing the email accounts of top executives and security employees at Microsoft, plus also accessing customer accounts - check the HPE news. Somebody needs to explain how is that possible? Did the test system have a direct connection and trust relationship with the production system? Did the hackers gain SysAdmin access to the test system through a password spray attack? That is like a bank leaving the door of an office unlocked overnight, without security, and then also leaving a pile of cash in a plastic bag under a desk. It is more than carelessness; it would look like either supreme stupidity or an inside job... Never underestimate the amount of stupidity in the world, though.