Microsoft - February 13, 2025 Storm-2372 conducts device code phishing campaign https://www.microsoft.com/en-us/sec...-2372-conducts-device-code-phishing-campaign/ Executive summary: "Today we’re sharing that Microsoft discovered cyberattacks being launched by a group we call Storm-2372, who we assess with medium confidence aligns with Russia’s interests and tradecraft. The attacks appear to have been ongoing since August 2024 and have targeted governments, NGOs, and a wide range of industries in multiple regions. The attacks use a specific phishing technique called “device code phishing” that tricks users to log into productivity apps while Storm-2372 actors capture the information from the log in (tokens) that they can use to then access compromised accounts. These tokens are part of an industry standard and, while these phishing lures used Microsoft and other apps to trick users, they do not reflect a vulnerability unique to Microsoft nor have we found any vulnerabilities in our code base enabling this activity." Read there more!
