storm-237

Storm-237 is a sophisticated device code phishing campaign tracked by Microsoft's threat intelligence team. The threat actors, potentially linked to Russian interests, abuse Microsoft's device code authentication flow to hijack Microsoft 365 accounts. This campaign targets individuals in high-stakes sectors such as government, defense, telecommunications, health, and energy across Europe, North America, Africa, and the Middle East. Discussions on WindowsForum.com cover how these attacks work, what makes them dangerous, and how Windows users and IT professionals can defend against them. The tag provides insights into the technical mechanisms of the phishing technique and practical mitigation strategies for organizations using Microsoft 365.