<ul><li>Russian spies have been using a technique called device code phishing to hijack Microsoft 365 accounts.</li><li>The technique exploits 'device code flow' in the OAuth standard, which is used for authentication for devices like printers and smart TVs.</li><li>Instead of directly authenticating the user, the technique involves displaying a device code and link associated with the user account.</li><li>The user enters the code on a different device, which then allows the remote server to log into the account.</li></ul>

Russian spies use device code phishing to hijack Microsoft accounts

Discover more