Russian spies use device code phishing to hijack Microsoft accounts
Briefly

Researchers have identified an ongoing campaign by Russian spies that employs device code phishing to hijack Microsoft 365 accounts. This method exploits device code flow, a form of authentication mainly used for devices lacking browser support. By initiating conversations on messenger apps and impersonating high-ranking officials, the threat actors manipulate their targets into unwittingly providing access to their accounts. Advisories from security firms emphasize the sustained nature of this campaign and highlight the need for heightened security measures against such tactics.
Device code phishing, the tactic these Russian spies are using, leverages OAuth’s device code flow to compromise Microsoft 365 accounts across diverse targets.
This sophisticated campaign abuses a seemingly benign authentication method, the device code flow designed for devices that lack browsers, and highlights the evolving landscape of cyber threats.
Read at Ars Technica