Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp
Briefly

Since March 2025, multiple suspected Russia-linked threat actors have been intensifying efforts to compromise the accounts of individuals and organizations associated with Ukraine and human rights. According to security researchers from Volexity, these operations mark a shift away from previous phishing methods toward sophisticated social engineering that involves direct interaction with targets. Using messaging platforms like Signal and WhatsApp, attackers impersonate officials and abuse legitimate Microsoft OAuth workflows to trick victims into providing sensitive authentication codes.
Multiple suspected Russia-linked threat actors are aggressively targeting individuals and organizations with ties to Ukraine to gain unauthorized access to Microsoft 365 accounts.
These recently observed attacks rely heavily on one-on-one interaction with a target, convincing them to click a link and send back a Microsoft-generated code.
Attackers contact targets through messaging apps such as Signal and WhatsApp and invite them to join video calls with officials from European nations, which makes the deception more convincing.
The latest attacks exploit Microsoft OAuth 2.0 authentication workflows, indicating a sophisticated evolution in tactics by Russian adversaries.
Read at The Hacker News