#device-code-phishing

[ follow ]
#microsoft-365 #account-takeover #russia-aligned #apt29 #watering-hole #cyber-espionage
Information security
fromThe Hacker News
4 days ago

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

UNK_AcademicFlare used device-code phishing to steal Microsoft 365 credentials and conduct account takeovers targeting government, think tanks, higher education, and transportation since September 2025.
Information security
fromThe Hacker News
3 months ago

Amazon Disrupts APT29 Watering Hole Campaign Abusing Microsoft Device Code Authentication

Russia-linked APT29 ran a watering hole campaign redirecting visitors to attacker-controlled domains to trick users into authorizing devices via Microsoft's device code authentication flow.
[ Load more ]