Threat actors suspected to be linked to Russia are targeting Ukrainian individuals and organizations, aiming to gain access to Microsoft 365 accounts. The campaign targeting Ukrainian allies began in early March 2025 and features social engineering operations such as device code phishing. The attackers attempt to convince their victim to click a link and send them back a Microsoft-generated code. Signal and WhatsApp are used to contact targets, tricking them into joining calls for meetings with European political officials. 

Read more: https://thehackernews.com/2025/04/russian-hackers-exploit-microsoft-oauth.html