Russian hackers are leveraging legitimate OAuth 2.0 authentication processes to infiltrate Microsoft 365 accounts, particularly targeting employees associated with Ukraine and human rights. Posing as European officials, attackers initiate contact through apps like WhatsApp and Signal, enticing victims into giving up authentication codes or clicking malicious links. Cybersecurity firm Volexity has been monitoring this behavior, which began in March and follows a similar campaign reported in February. Both operations are attributed to groups UTA0352 and UTA0355 from Russia, highlighting concerning trends in social engineering and phishing tactics in cyber warfare.
In a report published today, the researchers describe how the attack begins with a message via Signal or WhatsApp. The message was sent from a hacked Ukrainian government account.
The goal is to trick potential victims into handing over Microsoft authorization codes that grant access to accounts or into clicking on malicious links that collect login credentials.