Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
Feb 14, 2025
Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East.

The threat actor, assessed with medium confidence to be aligned with Russian interests, victimology, and tradecraft, has been observed targeting users via messaging apps like WhatsApp, Signal, and Microsoft Teams by falsely claiming to be a prominent person relevant to the target in an attempt to build trust.

"The attacks use a specific phishing technique called 'device code phishing' that tricks users to log into productivity apps while Storm-2372 actors capture the information from the log in (tokens) that they can us...