Microsoft Warns of Russian-Linked Hackers Using ‘Device Code Phishing’ to Compromise Accounts
February 14, 2025
Enterprise Security / Cyber Attack
Microsoft has highlighted a new threat group known as Storm-2372, linked to a series of cyberattacks that have targeted multiple sectors since August 2024. The attacks focus on government entities, NGOs, IT services, defense, telecommunications, healthcare, higher education, and the energy sector across Europe, North America, Africa, and the Middle East.
Evaluated with medium confidence to align with Russian interests, the threat actors utilize messaging platforms such as WhatsApp, Signal, and Microsoft Teams. They impersonate notable figures relevant to their targets to gain trust. The attacks employ a phishing method known as ‘device code phishing,’ which deceives users into logging into productivity applications, allowing the actors to capture the login tokens for malicious use.
Enterprise Security / Cyber Attack
Microsoft Warns of Russian-Linked Cyber Attack Group Utilizing ‘Device Code Phishing’ Tactics February 14, 2025 Enterprise Security / Cyber Attack Microsoft has issued an urgent advisory regarding a rising threat actor, designated as Storm-2372, which is reportedly linked to Russian cyber interests. Since August 2024, this group has launched a…
Microsoft Warns of Russian-Linked Hackers Using ‘Device Code Phishing’ to Compromise Accounts
February 14, 2025
Enterprise Security / Cyber Attack
Microsoft has highlighted a new threat group known as Storm-2372, linked to a series of cyberattacks that have targeted multiple sectors since August 2024. The attacks focus on government entities, NGOs, IT services, defense, telecommunications, healthcare, higher education, and the energy sector across Europe, North America, Africa, and the Middle East.
Evaluated with medium confidence to align with Russian interests, the threat actors utilize messaging platforms such as WhatsApp, Signal, and Microsoft Teams. They impersonate notable figures relevant to their targets to gain trust. The attacks employ a phishing method known as ‘device code phishing,’ which deceives users into logging into productivity applications, allowing the actors to capture the login tokens for malicious use.
