storm-2372

Innovative Phishing Tactics Threaten Critical Infrastructure Russian state-backed APT group Storm-2372 has triggered a new alarm in the cybersecurity community by leveraging an ingenious form of device code phishing to sidestep multi-factor authentication (MFA). This sophisticated attack...

In today's fast-paced digital landscape, cybercriminals continually refine their methods, and Microsoft's latest warning against the threat actor group Storm-2372 is a wake-up call for Windows and Microsoft 365 users alike. This campaign highlights a sophisticated device code phishing attack...

Published: February 17, 2025 In a sophisticated cyberattack that underscores the evolving threat landscape, Microsoft’s Threat Intelligence Center has uncovered a long-running campaign by Russian hackers intent on stealing Microsoft 365 accounts. Using a clever twist on the device code...

In a stark reminder of how cyber threats are continually evolving, Microsoft has issued a warning over a persistent phishing campaign led by the threat group Storm-2372. Believed to be tied to Russian interests, this sophisticated attack targets Microsoft 365 accounts using an attack vector...

A clever new breed of phishing scam is on the rise and it's catching even the savviest users off guard. Researchers have uncovered a sustained campaign where Russian spies are using a technique known as "device code phishing" to gain unauthorized access to Microsoft 365 accounts. Windows users...

In a startling development that reads like a spy thriller, cybercriminals—allegedly with Kremlin ties—are exploiting Microsoft Teams invites to wage a sophisticated phishing campaign. If you've ever felt a twinge of apprehension upon receiving an unexpected Teams meeting invitation, you may well...

In a digital twist worthy of a cyber-thriller, Microsoft’s latest security intelligence reveals that a group tagged Storm-2372 is ramping up its phishing campaign. Using a sophisticated variant of device code phishing, the threat actor has been active since August 2024—and just recently, on...

In a sophisticated twist on traditional cyberattacks, a spear-phishing campaign is now targeting Microsoft 365 accounts by hijacking the genuine device code authentication process. This emerging attack vector, steeped in deception and ingenuity, transforms a legitimate login mechanism into a...