Massive IMAP-based password-spraying attacks successfully breached Microsoft Office 365 and G Suite accounts, according to an analysis by Proofpoint. This technique takes advantage of the fact that the legacy authentication IMAP protocol bypasses MFA, allowing malicious actors to perform credential stuffing attacks against assets that would have been otherwise protected. The attackers would use the breached cloud accounts to disseminate malware throughout the targeted organizations, gain access to confidential information that can either be sold or used as part of future attacks.
Source: https://www.bleepingcomputer.com/news/security/multi-factor-auth-bypassed-in-office-365-and-g-suite-imap-attacks/