Enterprise Office 365 accounts were hit with a brute-force attack in one of the earliest operationalized cloud-to-cloud business attacks. Attackers tried logging in with different versions of employees’ usernames, a sign they may have already possessed names and passwords. The “slow-and-low” pace of attacks indicates threat actors were trying to stay under the radar. For each business, only a handful of senior employees were targeted; all those who were hit have been notified of the attacks.”]