KEY TAKEAWAYS

- Volexity has observed multiple Russian threat actors conducting social-engineering and spear-phishing campaigns targeting organizations with the ultimate goal of compromising Microsoft 365 accounts via Device Code Authentication phishing.
- Device Code Authentication phishing follows a workflow that differs from the one users expect, meaning users may not recognize it as phishing.
- Recent campaigns observed have been politically themed, particularly around the new administration in the United States and the changes this might mean for nations around the world.

Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks originated via spear-phishing emails with different themes. In one case, the eventual breach began with highly tailored outreach via Signal.

Through its investigations, Volexity discovered that Russian threat actors were impersonating […]