Microsoft has exposed a complex network of compromised devices that Chinese hackers are using to launch highly evasive password spray attacks against Microsoft Azure customers. This network, dubbed CovertNetwork-1658 by Microsoft, has been actively stealing credentials from multiple Microsoft customers since August 2023.

The attacks use a botnet of thousands of small office and home office (SOHO) routers, cameras, and other Internet-connected devices. At its peak, there were more than 16,000 devices in the botnet, most of which were TP-Link routers.