You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
storm-2372
About this tag
Storm-2372 is a Russian state-backed advanced persistent threat (APT) group that has been active since August 2024, primarily targeting Microsoft 365 accounts through device code phishing. This technique exploits the legitimate OAuth device authorization flow to bypass multi-factor authentication (MFA). The group often masquerades as high-ranking officials from government bodies such as the US State Department or Ukrainian Ministry of Defense, using Microsoft Teams invites and other lures. Microsoft has issued warnings about this campaign, which poses significant risks to Windows users, IT administrators, and critical infrastructure. Understanding the mechanics of device code phishing and implementing robust security measures are essential for defense.
Innovative Phishing Tactics Threaten Critical Infrastructure
Russian state-backed APT group Storm-2372 has triggered a new alarm in the cybersecurity community by leveraging an ingenious form of device code phishing to sidestep multi-factor authentication (MFA). This sophisticated attack...
In today's fast-paced digital landscape, cybercriminals continually refine their methods, and Microsoft's latest warning against the threat actor group Storm-2372 is a wake-up call for Windows and Microsoft 365 users alike. This campaign highlights a sophisticated device code phishing attack...
Published: February 17, 2025
In a sophisticated cyberattack that underscores the evolving threat landscape, Microsoft’s Threat Intelligence Center has uncovered a long-running campaign by Russian hackers intent on stealing Microsoft 365 accounts. Using a clever twist on the device code...
In a stark reminder of how cyber threats are continually evolving, Microsoft has issued a warning over a persistent phishing campaign led by the threat group Storm-2372. Believed to be tied to Russian interests, this sophisticated attack targets Microsoft 365 accounts using an attack vector...
A clever new breed of phishing scam is on the rise and it's catching even the savviest users off guard. Researchers have uncovered a sustained campaign where Russian spies are using a technique known as "device code phishing" to gain unauthorized access to Microsoft 365 accounts. Windows users...
In a startling development that reads like a spy thriller, cybercriminals—allegedly with Kremlin ties—are exploiting Microsoft Teams invites to wage a sophisticated phishing campaign. If you've ever felt a twinge of apprehension upon receiving an unexpected Teams meeting invitation, you may well...
In a digital twist worthy of a cyber-thriller, Microsoft’s latest security intelligence reveals that a group tagged Storm-2372 is ramping up its phishing campaign. Using a sophisticated variant of device code phishing, the threat actor has been active since August 2024—and just recently, on...
In a sophisticated twist on traditional cyberattacks, a spear-phishing campaign is now targeting Microsoft 365 accounts by hijacking the genuine device code authentication process. This emerging attack vector, steeped in deception and ingenuity, transforms a legitimate login mechanism into a...