Microsoft is reporting that an ongoing campaign by Russian hackers is targeting government and private organizations. The global campaign uses device code phishing to compromise accounts. Impacted companies are in the government, defense, and telecoms industry, among others. The Russia-linked threat actor is tracked as Storm-2372 and has been active since at least August 2024. In device code phishing, accounts are authenticated from devices which cannot perform interactive authentications. The threat actor can then access email and cloud storage services that the victim has permissions to. 

Read more: https://www.securityweek.com/russian-state-hackers-target-organizations-with-device-code-phishing/