A rainbow table attack is a type of credential attack that uses a “rainbow table” to crack the password hashes in a database. A rainbow table is a precomputed matrix of password hashes and their plaintext counterparts. Generally, applications store passwords in a hashed format. When a user logs in, the submitted password is hashed, and the result is compared to the stored hash.
In a rainbow table attack, a hacker has a list of stolen password hashes and uses the rainbow table to determine the plaintext passwords. Rainbow table attacks are less common these days because most hashes are "salted": random data is added to each password before the hashing function is applied, so that the resulting hash values differ even for identical passwords.
Some developers and applications still don’t utilize hashing, however, so it's important to take steps to decrease your risk from rainbow table attacks.
A hacker exploits a vulnerability to gain access to a company’s Active Directory and exfiltrate the password hashes. By executing a rainbow table attack, they recover the plaintext passwords from the hashes.
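The effect of salting described above, shown as an added Python example that is not part of the original page. A plain hash-to-password dictionary stands in for a real rainbow table (which stores the same mapping more compactly using hash chains); the candidate list, account names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: passwords a precomputed table is assumed to cover.
CANDIDATES = ["123456", "password", "letmein", "Summer2024!"]
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def unsalted_hash(password):
    """Weak storage: the same password always produces the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(candidates):
    """Computed once, reusable against every unsalted hash dump."""
    return {unsalted_hash(p): p for p in candidates}


def salted_hash(password, salt=None):
    """Hardened storage: per-account random salt plus a slow KDF."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, expected):
    """Login check: recompute with the stored salt, compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)


def table_hits(stored_hashes, table):
    """Accounts whose stored hash appears in the precomputed table."""
    return {user: table[h] for user, h in stored_hashes.items() if h in table}


if __name__ == "__main__":
    table = build_lookup_table(CANDIDATES)
    # Two constructed accounts that happen to share a password.
    weak = {u: unsalted_hash("letmein") for u in ("alice", "bob")}
    print("unsalted hits:", table_hits(weak, table))
    strong = {u: salted_hash("letmein")[1].hex() for u in ("alice", "bob")}
    print("salted hits:  ", table_hits(strong, table))
    print("hashes differ:", strong["alice"] != strong["bob"])
```

The salt is stored next to the hash; it does not need to be secret, only unique per account, so that one precomputed table cannot be reused across accounts.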