Microsoft Warns of Hackers Using Device Code Phishing to Steal Emails
Microsoft has issued a critical security warning about an ongoing device code phishing campaign that is actively targeting Microsoft 365 users across various industries. According to the Microsoft Threat Intelligence Center (MSTIC), the attacks are being carried out by a threat actor labeled Storm-2372, which is believed to be linked to a nation-state operation that aligns with Russia’s geopolitical interests. These sophisticated attacks aim to steal emails and other sensitive data by exploiting the device code authentication flow, a security mechanism commonly used for input-constrained devices like smart TVs, IoT devices, and streaming services. By tricking users into entering malicious … Read more