A tester is attempting to gain access by trying every possible password and uses a tool that divides the attack space into chunks and targets them randomly. What type of attack is this?

Exhaustively trying every possible password defines this approach. A brute force attack aims to guarantee access by systematically testing all possible password combinations until one works. Using a tool that divides the attack space into chunks and targets them randomly is just a way to speed things up and distribute the workload in parallel, sometimes to avoid detection or rate limits, but the underlying method is still brute forcing through all possibilities. Credential stuffing relies on known credential pairs obtained from breaches and reuses them, which isn’t about guessing from all possible combinations. A dictionary attack uses a predefined list of likely passwords rather than every possible combination. Social engineering avoids guessing passwords altogether and instead manipulates people.