Phishy Business: Russia-Linked Hackers Baiting Microsoft 365 with Device Code Scams
A Russia-linked group is targeting Microsoft 365 accounts with device code phishing. By posing as prominent figures, they trick victims into entering codes on genuine sign-in pages. This gives them access to Microsoft services without needing a password. Protect yourself by blocking device code flows and enforcing Conditional Access policies.

Hot Take:
Looks like the cyber equivalent of Russian nesting dolls just got a new addition! Storm-237 is out there turning Microsoft 365 accounts into sitting ducks with a sneaky phishing campaign. And here we thought device codes were as harmless as those four-digit PINs your grandma uses!

Key Points:
– A cyber campaign, suspected to be linked to Russia, is targeting Microsoft 365 accounts with device code phishing.
– The campaign, dubbed Storm-237, focuses on sectors like government, NGOs, and tech across various regions.
– Hackers use fake meeting invitations to lure victims into entering malicious device codes.
– The threat actors exploit Microsoft Authentication Broker to maintain access and gather data.
– Microsoft recommends blocking device code flow and setting Conditional Access policies as defense measures.
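
To check that the recommended block is actually in force, here is an added example (not from Microsoft or the original article) that audits exported Conditional Access policies. It assumes the policies are JSON in the shape of Microsoft Graph `conditionalAccessPolicy` objects; the sample policies, display names and IDs are constructed.

```python
import json

# Constructed sample shaped like Graph conditionalAccessPolicy objects (names/IDs made up).
SAMPLE_POLICIES = json.loads("""[
 {"displayName": "Block device code (pilot)", "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"]},
                 "authenticationFlows": {"transferMethods": "deviceCodeFlow"}},
  "grantControls": {"builtInControls": ["block"]}},
 {"displayName": "Require MFA for admins", "state": "enabled",
  "conditions": {"users": {"includeRoles": ["constructed-role-id"]}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "Block device code flow", "state": "enabled",
  "conditions": {"users": {"includeUsers": ["All"], "excludeGroups": ["constructed-group-id"]},
                 "authenticationFlows": {"transferMethods": "deviceCodeFlow"}},
  "grantControls": {"builtInControls": ["block"]}}
]""")

def targets_device_code(policy):
    """True if the policy's authentication-flow condition names device code flow."""
    flows = policy.get("conditions", {}).get("authenticationFlows") or {}
    methods = (flows.get("transferMethods") or "").split(",")
    return "deviceCodeFlow" in [m.strip() for m in methods]

def audit_policy(policy):
    """Return (gaps, notes); any gap means the block is not in force for everyone."""
    users = policy.get("conditions", {}).get("users") or {}
    controls = (policy.get("grantControls") or {}).get("builtInControls") or []
    gaps, notes = [], []
    if policy.get("state") != "enabled":  # report-only or disabled blocks nothing
        gaps.append(f"state is {policy.get('state')!r}, so nothing is blocked")
    if "block" not in controls:
        gaps.append("grant control is not 'block'")
    if "All" not in (users.get("includeUsers") or []):
        gaps.append("does not include all users")
    excluded = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
    if excluded:  # exclusions are legitimate but are where coverage quietly erodes
        notes.append(f"{len(excluded)} excluded user/group ID(s) to review")
    return gaps, notes

def audit_tenant(policies):
    """Return (enforced, report): enforced is True if any device-code policy has no gaps."""
    report = {p.get("displayName", "<unnamed>"): audit_policy(p)
              for p in policies if targets_device_code(p)}
    return any(not gaps for gaps, _ in report.values()), report

if __name__ == "__main__":
    enforced, report = audit_tenant(SAMPLE_POLICIES)
    print("enforced device code block present:", enforced)
    print(json.dumps(report, indent=1))
```

A policy left in report-only mode is the common miss: it appears in the portal as a device code block but denies nothing.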