Russian cyberattackers spotted hitting Microsoft Teams with new phishing campaign
Posted by:
James Thompson
A new phishing attack vector, named Storm-2372, has been identified by Microsoft targeting governments, NGOs, and various industries across Europe, North America, Africa, and the Middle East. The attackers are using ‘device code phishing’ through Microsoft Teams to steal access tokens from victims. This allows them to gain access to sensitive data including emails. The group behind the attack, linked with medium confidence to Russia, uses tactics like building rapport with victims, sending fake device code authentication requests, and lateral movement using the stolen tokens. To combat this threat, Microsoft advises disabling device code flow, providing phishing training, revoking access tokens suspected of being compromised, and implementing sign-in risk-based policies.
Recent Posts1
