Close Menu
NoMusica.com
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram
    NoMusica.comNoMusica.com
    • Entertainment
    • Music
      • Music Production
    • Tech
      • AI
      • Electronics & Gadgets
      • Apps & Updates
      • Smartphones
    • Films & Shows
    • Gaming
    • Streaming
    NoMusica.com
    Home»Tech & Science

    Microsoft Exposes Russian Cybercriminals Using Device Code Phishing to Hijack Accounts

    February 14, 2025
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Microsoft has uncovered a new set of cyberattacks linked to a group known as Storm-2372, which is using a device code phishing technique to hijack accounts.

    These attacks, attributed to Russian interests, have been targeting various sectors, including government organizations, NGOs, IT services, defense, and telecommunications, since August 2024.

    The attacks have spanned Europe, North America, Africa, and the Middle East.

    How Device Code Phishing Works

    The attackers are employing a clever phishing tactic, where they send out phony Microsoft Teams meeting invitations designed to trick victims into logging in using device codes.

    Once the victim enters the device code on a legitimate-looking sign-in page, the hackers capture the authentication tokens, which they use to access the victim’s account.

    Impact and Danger

    These authentication tokens enable the hackers to gain access to sensitive data and other services linked to the compromised account, such as cloud storage or email, without needing the user’s password.

    The attackers also gain persistent access to the victim’s environment as long as the tokens remain valid.

    Once inside, the attackers can move laterally within the network, compromising other accounts and searching for sensitive information.

    They have been using Microsoft Graph to search messages for terms like “username,” “password,” “admin,” “credentials,” and even “secret” to exfiltrate valuable data.

    Mitigation Strategies

    To protect against this type of attack, Microsoft recommends organizations to block device code flow where possible and implement phishing-resistant multi-factor authentication (MFA).

    Additionally, applying the principle of least privilege can limit the potential damage caused by a compromised account.

    By staying aware of these tactics and improving their security protocols, organizations can better defend against the growing threats of device code phishing and other evolving cyberattacks.

    Cyberattacks Microsoft
    Sazid Kabir
    • Website
    • X (Twitter)
    • Pinterest
    • Instagram
    • LinkedIn

    Founder & Chief Editor, NoMusica.com. Sazid Kabir is a tech writer and music producer covering music, tech, and music production with both analytical and practical experience.

    Keep Reading

    New UK Law Could Stop Under-16s From Using TikTok, Instagram and More

    10 Free AI Courses With Certificates for High-Income Skills in 2026

    7 Best Knowledge Base Tools for Learning in 2026 (Ranked)

    Best Open-Source Softwares in 2026: Safe, Free Tools for Creators, Developers, and Everyday Use

    5 Best Free Audio Editing Software in 2026: For Podcasts & Music

    15 AI Tools Musicians Can Use to Create and Promote Music

    Add A Comment
    Leave A Reply Cancel Reply

    Latest Posts

    Serena Williams Returns and Using GLP-1 Peptides To Improve Her Health

    July 14, 2026

    Future’s The Real Me Debuts Strong but Draws Mixed Reviews

    July 12, 2026

    Rumors of Cardi B Dating Maduka Okoye Sparked After Pair Spotted Together in Paris

    July 9, 2026

    Nipsey Hussle’s Children Finally Receive Shares of His Multimillion-Dollar Estate

    July 8, 2026

    Battle Rap Pioneer MC Sparky D Dies at 61

    July 8, 2026
    Pages
    • Home
    • Blog
    • About
    • Contact
    • Advertise
    • Cookie Policy
    • Privacy Policy
    Categories
    • AI
    • Tech & Science
    • Films & TV Shows
    • Entertainment
    • Music
    • Streaming
    • Music Production
    Random Reads

    Bob Vylan Says BA Dropped Sponsorship as ‘Scare Tactic’

    “I’ll Clean It Myself”: Ari Fletcher Frustrated Over Housekeeping Costs

    U.S. Allows Nvidia H20 Chip Shipments to Prevent Chinese Tech Leap

    Facebook X (Twitter) Instagram Pinterest
    © 2026 WowPress Digital

    Type above and press Enter to search. Press Esc to cancel.