The global network infrastructure is experiencing a wave of sophisticated cyber intrusions as states-sponsored and financially motivated hackers are increasingly exploiting a legitimate Microsoft authentication mechanism to seize control of enterprise accounts in a broad range of sectors.
There has been a recent investigation which uncovered attackers with ties to both Russian and Chinese interests have been exploiting Microsoft’s OAuth 2.0 device authorization grant flow in an effort to deceive users into unknowingly granting them access to their Microsoft 365 environments through this feature designed to simplify secure logins.
Through the use of fraudulently masquerading institutions and convincing targets to authenticate using authentic Microsoft services, attackers are able to obtain valid access tokens that enable persistent account compromises without requiring the compromise of the target’s password.
The Russian-linked threat actor Storm-2372 has been targeting government bodies and private organizations since August 2024 and has been one of the most active groups in this regard.
In order to get the highest level of effectiveness from the device code phishing tactics, it has been proven to be more effective than conventional spear-phishing tactics. It has been conducted throughout Africa, Europe, the Middle East, and North America. Government, defence, healthcare, telecommunications, education, energy, and non-government organizations have been
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: