Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Russian threat actors are conducting social-engineering and spear-phishing campaigns to compromise Microsoft 365 accounts using Device Code Authentication phishing. This method has proven more effective than traditional techniques. Campaigns have targeted organizations with politically themed lures, impersonating entities such as the US Department of State and the Ukrainian Ministry of Defence. Three distinct threat actors (UTA0304, CozyLarch/APT29, and UTA0307) have been identified using similar tactics, with slight variations in approach and infrastructure. The attacks exploit users' unfamiliarity with the Device Code Authentication process, which makes them hard to recognize as phishing. Detection methods and preventive measures are available, but organizations often do not implement them.
OPENCTI LABELS:
phishing, social engineering, russia, spear-phishing, microsoft 365, oauth, device code authentication