Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) accounts. “While Device Code Authentication attacks are not new, they appear to have been rarely leveraged by nation-state threat actors. Volexity’s visibility into targeted attacks indicates this particular method has been far more effective than the combined effort of years of other social engineering and spear-phishing attacks conducted by the … More
The post Threat actors are using legitimate Microsoft feature to compromise M365 accounts appeared first on Help Net Security.
This article has been indexed from Help Net Security