A group known as Storm-2372, likely connected to the Kremlin, has been running a phishing campaign since August 2024 that uses bogus Microsoft Teams invites to steal authentication tokens from individuals in government, NGOs, and various business sectors. The attackers first engage potential victims through messaging platforms such as WhatsApp and Signal, building trust before sending the fraudulent invites. The attack employs a method called device code phishing, which requires victims to provide personal credentials and device verification codes, thereby granting the attackers illicit access to sensitive information.
Storm-2372 is a Kremlin-linked group exploiting Microsoft Teams invites to phish sensitive information, targeting governments and organizations across multiple global sectors.
The phishing campaign, ongoing since August 2024, relies on device code phishing: the attackers gain victims' trust via messaging apps before sending spoofed Teams invites.
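The device code flow is intended for input-constrained devices, so a device code sign-in by an ordinary user account is a useful detection signal for the technique described above. The following is an added example, not part of the original page: it flags such sign-ins in exported sign-in records. The field names (modelled on Entra ID sign-in log exports), the allow-list and the sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample records, one JSON object per line (not real data).
# Field names are assumptions modelled on Entra ID sign-in log exports.
SAMPLE_LOG = """\
{"createdDateTime": "2025-02-10T08:01:00Z", "userPrincipalName": "alice@example.org", "authenticationProtocol": "none", "country": "DE"}
{"createdDateTime": "2025-02-10T08:30:00Z", "userPrincipalName": "room-display@example.org", "authenticationProtocol": "deviceCode", "country": "DE"}
{"createdDateTime": "2025-02-10T09:15:00Z", "userPrincipalName": "alice@example.org", "authenticationProtocol": "none", "country": "DE"}
{"createdDateTime": "2025-02-10T10:02:00Z", "userPrincipalName": "alice@example.org", "authenticationProtocol": "deviceCode", "country": "NL"}
{"createdDateTime": "2025-02-10T11:00:00Z", "userPrincipalName": "bob@example.org", "authenticationProtocol": "none", "country": "US"}
"""

# Hypothetical allow-list: accounts for input-constrained devices that
# legitimately use the device code flow.
EXPECTED_DEVICE_CODE_USERS = {"room-display@example.org"}


def find_suspicious_device_code_signins(lines, allowed=EXPECTED_DEVICE_CODE_USERS):
    """Return alerts for device code sign-ins by users not expected to use the flow."""
    records = [json.loads(line) for line in lines if line.strip()]
    records.sort(key=lambda r: r["createdDateTime"])  # ISO 8601 UTC sorts as text
    usual_countries = defaultdict(set)  # user -> countries of other sign-ins so far
    alerts = []
    for rec in records:
        user = rec["userPrincipalName"]
        if rec["authenticationProtocol"] != "deviceCode":
            usual_countries[user].add(rec["country"])
            continue
        if user in allowed:
            continue
        reasons = ["device code flow used by account not on allow-list"]
        if rec["country"] not in usual_countries[user]:
            reasons.append("country not seen in this user's other sign-ins")
        alerts.append({"user": user, "time": rec["createdDateTime"],
                       "country": rec["country"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_device_code_signins(SAMPLE_LOG.splitlines()):
        print(alert)
```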