Summary: Microsoft has identified a new cyber threat cluster known as Storm-2372, linked to Russian interests, targeting a wide array of sectors through innovative phishing tactics since August 2024. The threat actors utilize a method called ‘device code phishing,’ tricking users into granting access to their accounts via fake Microsoft Teams invitations. Mitigation strategies include blocking device code flows and implementing phishing-resistant multi-factor authentication.
Affected: Government, NGOs, IT services, defense, telecommunications, health, higher education, and energy sectors globally.
Keypoints:
- Storm-2372 employs device code phishing to capture authentication tokens, gaining access to compromised accounts.
- The threat actors disguise their messages as legitimate communications from prominent individuals to build trust and facilitate attacks.
- Organizations are advised to implement strong security measures, including blocking device code flow and enabling phishing-resistant MFA.
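
An added example (not from the source article or from Microsoft) of how a defender might hunt for the device code sign-ins described above. The record fields (`authenticationProtocol`, `status.errorCode` and the others) are modelled on Microsoft Entra sign-in log exports and are an assumption; the log lines, accounts and allow list are constructed.

```python
import json
from collections import defaultdict

# Constructed sample records (not real data). Field names are assumed to
# follow Microsoft Entra sign-in log exports; errorCode 0 means success.
SAMPLE_LOG = """\
{"createdDateTime":"2025-02-10T07:50:00Z","userPrincipalName":"bob@example.org","ipAddress":"198.51.100.30","authenticationProtocol":"none","appDisplayName":"Office 365","status":{"errorCode":0}}
{"createdDateTime":"2025-02-10T08:01:00Z","userPrincipalName":"alice@example.org","ipAddress":"198.51.100.10","authenticationProtocol":"none","appDisplayName":"Office 365","status":{"errorCode":0}}
{"createdDateTime":"2025-02-10T09:15:00Z","userPrincipalName":"alice@example.org","ipAddress":"203.0.113.77","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Office","status":{"errorCode":0}}
{"createdDateTime":"2025-02-10T09:30:00Z","userPrincipalName":"kiosk@example.org","ipAddress":"198.51.100.20","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Teams","status":{"errorCode":0}}
{"createdDateTime":"2025-02-10T10:00:00Z","userPrincipalName":"bob@example.org","ipAddress":"198.51.100.30","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Office","status":{"errorCode":0}}
{"createdDateTime":"2025-02-10T10:05:00Z","userPrincipalName":"carol@example.org","ipAddress":"203.0.113.5","authenticationProtocol":"deviceCode","appDisplayName":"Microsoft Office","status":{"errorCode":1}}
"""

def find_device_code_signins(log_text, allowed_users=frozenset()):
    """Return successful device code sign-ins, marking those that come
    from an IP address the user has not signed in from before."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    events.sort(key=lambda e: e["createdDateTime"])  # ISO 8601 UTC sorts lexically
    known_ips = defaultdict(set)  # user -> IPs seen on other successful sign-ins
    findings = []
    for e in events:
        user = e["userPrincipalName"].lower()
        ip = e["ipAddress"]
        succeeded = e.get("status", {}).get("errorCode") == 0
        if e.get("authenticationProtocol") == "deviceCode":
            # Accounts that need the flow (e.g. input-constrained devices)
            # are allow-listed; every other success is worth reviewing.
            if succeeded and user not in allowed_users:
                findings.append({
                    "user": user, "time": e["createdDateTime"], "ip": ip,
                    "app": e.get("appDisplayName", ""),
                    "new_ip": ip not in known_ips[user],
                })
            # Device code sign-ins never extend the baseline, so a phished
            # session cannot make its own address look familiar later.
        elif succeeded:
            known_ips[user].add(ip)
    return findings

if __name__ == "__main__":
    for f in find_device_code_signins(SAMPLE_LOG, {"kiosk@example.org"}):
        flag = "NEW IP" if f["new_ip"] else "known IP"
        print(f'{f["time"]} {f["user"]} {f["ip"]} ({flag}) app={f["app"]}')
```

A finding with `new_ip` set is the higher-priority case for review; once device code flow is blocked for everyone outside the allow list, any remaining finding indicates a policy gap.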
Source: https://thehackernews.com/2025/02/microsoft-russian-linked-hackers-using.html