silentloom

Premium

SILENTLOOM: A Reused Device Pool Behind a Quiet Microsoft 365 Password Attack

A partner pulled the source IPs behind a quiet, low-and-slow password attack on three Microsoft 365 accounts, and we ran both June waves through ClusterHawk. The pool is hijacked home and small-office gear across global telecoms, reused between waves (124 of 146 second-wave IPs), with a verified Airtel M360-P tracking marker.

silentloommicrosoft-365brute-forcebotnetiotinfrastructure-analysisthreat-intelligencethreat-huntingclusteringhunting-queries
CR

By Chawkr Reports

06/07/2026

This content requires premium access. Subscribe for full threat intelligence reports and analysis.

Premium
Premium content

SILENTLOOM: A Reused Device Pool Behind a Quiet Microsoft 365 Password Attack

Premium access required

Comments (0)