More than 1.5 million malicious and spam emails were delivered by threat actors using roughly 4,000 accounts compromised via ATO during March 2019 within a single month. 29 percent of the monitored organizations had their Office 365 accounts infiltrated in ATO attacks. Chinese IP addresses were the most encountered with almost a quarter of the total number of attempts, with attackers also using servers located in Brazil (9%), Russia (7%), Netherlands (5%), and Vietnam (5%) Barracuda advises organizations to use machine-based defense solutions.
Source: https://www.bleepingcomputer.com/news/security/office-365-accounts-compromised-via-ato-attacks-used-in-bec-scams/