Summary: Volexity has reported on a series of sophisticated phishing attacks by Russian threat actors targeting Microsoft 365 accounts through a method known as Device Code Authentication. The attackers use spear-phishing emails and social engineering tactics to trick users into revealing their login credentials, thereby facilitating long-term access to valuable accounts. This espionage effort particularly focuses on organizations in the U.S., EU, and Ukraine while exploiting lesser-known authentication procedures to bypass multi-factor authentication measures.
Affected: Microsoft 365 accounts and organizations in the United States, European Union, and Ukraine
Keypoints:
- Multiple Russian threat actor groups, including CozyLarch and UTA0307, are utilizing Device Code Authentication phishing methods.
- Attackers impersonate officials from various government and research institutions to lure victims into sharing credentials.
- Phishing methods employ real-time code entry, enhancing the likelihood of success before codes expire.
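One way a defender could hunt for the device-code sign-ins described in the keypoints above. This is an added example, not code from Volexity's report. The field names are assumed to follow an Entra ID sign-in log export, and every record is constructed sample data.

```python
import json

# Constructed sample sign-in records (not real telemetry). Field names are an
# assumption modelled on Entra ID sign-in log exports; map them to your schema.
# A nonzero errorCode stands for a failed sign-in (value constructed).
SAMPLE = """\
{"createdDateTime":"2025-01-05T08:00:00Z","userPrincipalName":"signage@example.org","authenticationProtocol":"deviceCode","ipAddress":"192.0.2.10","status":{"errorCode":0}}
{"createdDateTime":"2025-02-03T10:14:00Z","userPrincipalName":"signage@example.org","authenticationProtocol":"deviceCode","ipAddress":"192.0.2.10","status":{"errorCode":0}}
{"createdDateTime":"2025-02-03T10:20:00Z","userPrincipalName":"analyst@example.org","authenticationProtocol":"none","ipAddress":"192.0.2.44","status":{"errorCode":0}}
{"createdDateTime":"2025-02-03T11:02:00Z","userPrincipalName":"analyst@example.org","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.7","status":{"errorCode":0}}
{"createdDateTime":"2025-02-03T11:30:00Z","userPrincipalName":"signage@example.org","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.99","status":{"errorCode":0}}
{"createdDateTime":"2025-02-03T12:00:00Z","userPrincipalName":"intern@example.org","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.8","status":{"errorCode":1}}
not-json garbage line
"""

def parse(text):
    """Yield device-code sign-in records, skipping malformed lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and rec.get("authenticationProtocol") == "deviceCode":
            yield rec

def detect(text, baseline_end):
    """Flag successful device-code sign-ins after baseline_end from a user, or
    a user/IP pair, that did not use the flow during the baseline window."""
    known = {}   # user -> source IPs seen with device code in the baseline
    alerts = []
    # Timestamps share one UTC ISO-8601 format, so string order is time order.
    for rec in sorted(parse(text), key=lambda r: r["createdDateTime"]):
        user, ip = rec["userPrincipalName"].lower(), rec["ipAddress"]
        ok = rec.get("status", {}).get("errorCode") == 0
        if rec["createdDateTime"] < baseline_end:
            if ok:
                known.setdefault(user, set()).add(ip)
        elif ok and user not in known:
            alerts.append((rec["createdDateTime"], user, ip, "first device-code use"))
        elif ok and ip not in known[user]:
            alerts.append((rec["createdDateTime"], user, ip, "new source IP"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE, "2025-02-01T00:00:00Z"):
        print(*alert, sep="  ")
```

Accounts that legitimately use the flow (shared displays, CLI tooling) land in the baseline, so only new users or new source addresses surface for review.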