Russian state-backed advanced persistent threat (APT) group Storm-2372 has exploited device code phishing to bypass multi-factor authentication (MFA) and infiltrate high-value targets across governments, NGOs, and critical industries. Since August 2024, this group has weaponized the OAuth device authorization flow”, a legitimate authentication mechanism”, to hijack user sessions and exfiltrate sensitive data. Microsoft Threat Intelligence researchers, alongside […] The post Russian APT Hackers Use Device Code Phishing Technique to Bypass MFA appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/russian-apt-hackers-use-device-code-phishing-technique/