The threat actors are exploiting noninteractive sign-ins, an authentication feature that security teams don't typically monitor. https://www.darkreading.com/cyberattacks-data-breaches/microsoft-365-accounts-sprayed-mega-botnet
X
We would like to inform you that the domain chat-to.dev, as well as the associated project, is available for purchase. Those interested in negotiating or obtaining more information can contact us at contact@chat-to.dev.
We would like to thank everyone who has followed and supported the project so far.
and this happens now that they are testing the free [version of office](https://www.windowscentral.com/software-apps/office-365/microsoft-quietly-launches-free-ad-supported-version-of-office-apps-for-windows-with-limited-functionality)