Overview
A new phishing campaign, attributed to a threat actor known as Storm-2372, is targeting Microsoft accounts across multiple sectors. Microsoft’s Threat Intelligence Centre believes that Storm-2372 is linked to a nation-state operation that aligns with Russian interests, based on their tradecraft, victimology, and tactics.
Storm-2372’s attack employs a phishing technique known as device code phishing, which exploits device code authentication flows. Devices often rely on this code-based flow, in which users sign in to apps by entering an authentication code on a separate device.
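A defender's view of the device code flow described above, as an added example that is not part of the original article: the Python code below flags successful device code sign-ins by accounts that have not used that flow in the preceding baseline window. The record layout, the field names (modelled on Entra ID sign-in log fields), the 30-day window and every sample record are assumptions constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sign-in records, one JSON object per line (not real telemetry).
# Field names are assumptions modelled on Entra ID sign-in log exports.
SAMPLE = """
{"createdDateTime":"2025-01-05T08:00:00Z","userPrincipalName":"kiosk@example.org","authenticationProtocol":"deviceCode","errorCode":0}
{"createdDateTime":"2025-01-20T08:00:00Z","userPrincipalName":"kiosk@example.org","authenticationProtocol":"deviceCode","errorCode":0}
{"createdDateTime":"2025-02-03T09:00:00Z","userPrincipalName":"alice@example.org","authenticationProtocol":"oAuth2","errorCode":0}
{"createdDateTime":"2025-02-10T08:00:00Z","userPrincipalName":"kiosk@example.org","authenticationProtocol":"deviceCode","errorCode":0}
{"createdDateTime":"2025-02-11T09:30:00Z","userPrincipalName":"Alice@example.org","authenticationProtocol":"deviceCode","errorCode":0}
{"createdDateTime":"2025-02-11T09:45:00Z","userPrincipalName":"bob@example.org","authenticationProtocol":"deviceCode","errorCode":1}
"""

def parse(text):
    """Parse JSON-lines sign-in records and attach a datetime under 'ts'."""
    records = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["ts"] = datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
            records.append(rec)
    return sorted(records, key=lambda r: r["ts"])

def unusual_device_code_signins(records, alert_from, baseline=timedelta(days=30)):
    """Flag successful device code sign-ins by accounts with no successful
    device code sign-in in the preceding baseline window."""
    last_seen = {}  # user -> time of last successful device code sign-in
    alerts = []
    for rec in records:
        if rec.get("authenticationProtocol") != "deviceCode" or rec.get("errorCode") != 0:
            continue  # other protocols and failed attempts are out of scope here
        user = rec["userPrincipalName"].lower()  # normalise case before comparing
        prev = last_seen.get(user)
        is_new = prev is None or rec["ts"] - prev > baseline
        # Records before alert_from only build the baseline.
        if is_new and rec["ts"] >= alert_from:
            alerts.append((user, rec["createdDateTime"]))
        last_seen[user] = rec["ts"]
    return alerts

if __name__ == "__main__":
    for user, when in unusual_device_code_signins(parse(SAMPLE), datetime(2025, 2, 1)):
        print(f"review: no device code sign-in in baseline window: {user} at {when}")
```

Accounts that legitimately use the flow, such as the constructed kiosk account, stay quiet once they have a baseline, so an alert points at an account for which device code sign-in is new.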