Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts
Briefly

Microsoft has identified a new threat cluster, Storm-2372, responsible for cyber attacks against multiple sectors, including government and technology, since August 2024. Attributed to a threat actor with potential Russian ties, the attacks rely on device code phishing, using trusted messaging apps to mislead users into compromising their account credentials. This method lets attackers gain sensitive access and maintain persistence within victim environments for as long as the captured tokens remain valid. The campaign highlights the evolving tactics in cyber espionage.
The attacks use a specific phishing technique called 'device code phishing' that tricks users into logging in to productivity apps while Storm-2372 actors capture the information.
During the attack, the threat actor generates a legitimate device code request and tricks the target into entering it into a legitimate sign-in page.
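Because the code and the sign-in page are both legitimate, the practical detection point is the sign-in log: a completed device code sign-in for a user and app that never normally use that flow. The sketch below is an added example, not code from Microsoft or The Hacker News, and its record fields, the `deviceCode` protocol value and the sample accounts are constructed assumptions to be mapped onto your identity provider's log schema.

```python
from datetime import datetime, timedelta

# Constructed sample sign-in records. Field names and values are assumptions
# for illustration; map them to your identity provider's log schema.
SIGNINS = [
    {"time": "2025-01-20T08:00:00", "user": "kiosk-svc@example.com", "app": "Room Display", "protocol": "deviceCode", "ok": True},
    {"time": "2025-02-10T08:00:00", "user": "kiosk-svc@example.com", "app": "Room Display", "protocol": "deviceCode", "ok": True},
    {"time": "2025-02-10T09:15:00", "user": "alice@example.com", "app": "Mail Client", "protocol": "none", "ok": True},
    {"time": "2025-02-10T09:20:00", "user": "alice@example.com", "app": "Mail Client", "protocol": "deviceCode", "ok": False},
    {"time": "2025-02-10T09:22:00", "user": "alice@example.com", "app": "Mail Client", "protocol": "deviceCode", "ok": True},
    {"time": "2025-02-11T10:00:00", "user": "alice@example.com", "app": "Mail Client", "protocol": "deviceCode", "ok": True},
]


def flag_device_code_signins(records, alert_from, baseline_days=30):
    """Flag successful device code sign-ins by (user, app) pairs that have no
    accepted device code sign-in in the preceding baseline window."""
    cutoff = datetime.fromisoformat(alert_from)
    window = timedelta(days=baseline_days)
    last_accepted = {}  # (user, app) -> time of last baseline sign-in
    flagged = []
    for rec in sorted(records, key=lambda r: r["time"]):
        if rec["protocol"] != "deviceCode" or not rec["ok"]:
            continue  # only completed device code sign-ins yield tokens
        when = datetime.fromisoformat(rec["time"])
        pair = (rec["user"], rec["app"])
        seen = last_accepted.get(pair)
        if when < cutoff or (seen is not None and when - seen <= window):
            last_accepted[pair] = when  # learning period or known usage
        else:
            # Flagged events never join the baseline, so repeated use of a
            # phished session keeps alerting until an analyst reviews it.
            flagged.append(rec)
    return flagged


if __name__ == "__main__":
    for hit in flag_device_code_signins(SIGNINS, alert_from="2025-02-01T00:00:00"):
        print(hit["time"], hit["user"], hit["app"])
```

Records dated before `alert_from` only build the baseline, so the first run over historical logs does not alert on every long-standing kiosk or shared-device account.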
Read at The Hacker News