welcome
About us
Newsletter
News Widget
Media Inquiries

Summary

Russian Phishing Targets Microsoft 365

This is a news story, published by Ars Technica, that relates primarily to Microsoft news.

software applications news

For more software applications news, you can click here:

more software applications news

Ars Technica news

For more news from Ars Technica, you can click here:

more news from Ars Technica

About the Otherweb

Otherweb, Inc is a public benefit corporation, dedicated to improving the quality of news people consume. We are non-partisan, junk-free, and ad-free. We use artificial intelligence (AI) to remove junk from your news feed, and allow you to select the best tech news, business news, entertainment news, and much more. If you like software applications news, you might also like this article about

device code phishing

. We are dedicated to bringing you the highest-quality news, junk-free and ad-free, about your favorite topics. Please come every day to read the latest clever phishing technique news, authentication news, software applications news, and other high-quality news about any topic that interests you. We are working hard to create the best news aggregator on the web, and to put you in control of your news feed - whether you choose to read the latest news through our website, our news app, or our daily newsletter - all free!

Device authorization
Ars Technica

Ars Technica

Technology

Technology

Russian spies use device code phishing to hijack Microsoft accounts

Ars Technica
Summary
Nutrition label

74% Informative

Russian spies are using a phishing technique to hijack Microsoft 365 accounts, researchers say.

The technique is known as device code phishing.

It exploits a form of authentication formalized in the industry-wide OAuth standard.

Device authorization relies on two paths: one from an app or code running on the input-constrained device seeking permission to log in and the other from the user's browser.

VR Score

70

Informative language

66

Neutral language

28

Article tone

semi-formal

Language

English

Language complexity

63

Offensive language

not offensive

Hate speech

not hateful

Attention-grabbing headline

not detected

Known propaganda techniques

not detected

Time-value

short-lived

External references

3

https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/https://tools.ietf.org/html/draft-ietf-oauth-device-flow-07#section-3.4https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/

Source diversity

3

www.volexity.comtools.ietf.orgwww.microsoft.com

Affiliate links

no affiliate links

Read full article