The Daily Patch
Back to News
phishingšŸŒInternationalThe Hacker News

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

Friday, December 19, 2025

Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers

What

A phishing campaign using device code authentication workflows to steal Microsoft 365 credentials and facilitate account takeovers.

Where

Targets include government, think tanks, higher education, and transportation sectors in the U.S. and Europe.

When

Ongoing since September 2025.

Key Factors

  • ā€¢Use of compromised email addresses for benign outreach to build rapport with targets.
  • ā€¢Phishing technique involves redirecting victims to a legitimate Microsoft login page after entering a code.
  • ā€¢Availability of user-friendly crimeware tools like Graphish and SquarePhish enabling low-skilled actors to conduct sophisticated attacks.

Takeaways

  • ā†’Implement Conditional Access policies to block device code flow for all users.
  • ā†’The rise of device code phishing tactics highlights the need for enhanced user education on authentication methods.
  • ā†’Organizations should consider an allow-list approach for device code authentication to mitigate risks.
Read Full Article

Opens original article on The Hacker News

Similar News

Google Cloud Service Abused in Widespread Phishing Campaign

Google Cloud Service Abused in Widespread Phishing Campaign

Baden-WĆ¼rttemberg State Ministry Shop Breached via Critical Vulnerability

Baden-WĆ¼rttemberg State Ministry Shop Breached via Critical Vulnerability

INCIBE Warns of Dark Web Data Leaks and 'Child in Distress' Phone Scams

INCIBE Warns of Dark Web Data Leaks and 'Child in Distress' Phone Scams

Using AI-Generated Images to Get Refunds

Using AI-Generated Images to Get Refunds