Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow—a legitimate authentication mechanism—to hijack user sessions and exfiltrate sensitive data. Microsoft Threat Intelligence researchers, alongside […]

The post Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Source: gbHackers
Source Link: https://gbhackers.com/russian-apt-hackers-use-device-code-phishing-technique/