<ul><li>Russia-linked group Storm-2372 has been using device code phishing technique since August 2024.</li><li>The group targets governments, NGOs, and various industries through phishing messages posing as Microsoft Teams meeting invitations.</li><li>They trick users into logging in with a threat actor-generated device code, allowing them to steal login tokens and gain access to accounts and data.</li><li>Microsoft advises organizations to block device code flow, enable MFA, and implement the principle of least privilege to mitigate these attacks.</li></ul>

Storm-2372 used the device code phishing technique since August 2024

Discover more