CyberSecurityBoard
Sponsor Register Login

Russian APT Hackers Using Device Code Phishing Technique to Bypass MFA

To defend against these sophisticated attacks, cybersecurity professionals should implement conditional access policies that restrict authentication based on device compliance and geographic location, regularly audit OAuth token requests, deploy phishing-resistant MFA solutions using FIDO2 security keys rather than SMS-based verification, and conduct comprehensive security awareness training focusing specifically on these emerging threats. A sophisticated cyber campaign orchestrated by the Russian state-backed group Storm-2372 has emerged, exploiting device code phishing tactics to circumvent Multi-Factor Authentication (MFA) security measures. The device code phishing attack exploits the OAuth 2.0 device authorization grant flow, which was designed to help users authenticate on devices with limited input capabilities. The device code phishing technique weaponizes a legitimate authentication method originally designed to simplify login processes for devices with limited input capabilities. By leveraging actual OAuth device authorization flows, the attackers can bypass traditional phishing detection systems that look for counterfeit login pages. In these attacks, victims receive seemingly authentic phishing messages that direct them to genuine authentication portals, creating a false sense of security while the attackers operate behind the scenes. This targeted approach represents a significant escalation in threat actors’ capabilities to defeat advanced security systems through social engineering, allowing attackers to gain unauthorized access to high-value targets without triggering traditional security alerts. These messages guide targets to actual login pages such as Microsoft’s device code portal, where victims are instructed to enter an attacker-generated code. When implemented legitimately, this flow allows users to authenticate on a separate device and then use a code to authorize access on the original device.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 10 Apr 2025 09:45:13 +0000


Cyber News related to Russian APT Hackers Using Device Code Phishing Technique to Bypass MFA

What is adaptive multifactor authentication? - Adaptive multifactor authentication is a security mechanism intended to authenticate and authorize users through a variety of contextual authentication factors. Adaptive MFA essentially poses different sets of authentication requirements based on the ...
1 year ago Techtarget.com
Misconfigured MFA Increasingly Targeted by Cybercriminals - In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication issues, according to the latest Cisco Talos report. A quarter of these incidents were caused by users accepting fraudulent ...
9 months ago Securityboulevard.com
MFA and supply chain security: It's no magic bullet - With attackers increasingly targeting developer accounts and using them to poison software builds, manipulate code, and access secrets and data, development teams are under pressure to lock down their development environments. Attackers are targeting ...
1 year ago Securityboulevard.com
MFA vs 2FA: Which Is Best for Your Business? - If a user falls for a phishing scam and their credentials are compromised, multi-factor authentication or two-factor authentication provide an additional safeguard against a breach. MFA uses authentication factors such as a pin, an SMS code, an ...
1 year ago Techrepublic.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
Russian APT Hackers Using Device Code Phishing Technique to Bypass MFA - To defend against these sophisticated attacks, cybersecurity professionals should implement conditional access policies that restrict authentication based on device compliance and geographic location, regularly audit OAuth token requests, deploy ...
3 days ago Cybersecuritynews.com
Who is the DOGE and X Technician Branden Spikes? – Krebs on Security - Branden Spikes California Russian Association Congress of Russian Americans Constellation of Humanity Cyberinc Department of Government Efficiency Diana Fishman Donald J. Prior to founding Spikes Security, Branden Spikes was married to a native ...
1 month ago Krebsonsecurity.com
Don't phish for deals this holiday season - This season is also a prime opportunity for attackers seeking to capitalize on unsuspecting individuals, employing identity-based cyberattacks such as phishing to compromise users' credentials and take control of their accounts. While education on ...
1 year ago Securityboulevard.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
1 year ago Bleepingcomputer.com CVE-2023-38831 APT28 APT29
What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
1 year ago Techtarget.com Cozy Bear APT29
Microsoft to start enforcing Azure multi-factor authentication in July - Starting in July, Microsoft will begin gradually enforcing multi-factor authentication for all users signing into Azure to administer resources. After first completing the rollout for the Azure portal, the MFA enforcement will see a similar rollout ...
10 months ago Bleepingcomputer.com Black Basta
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody one same day in two different ...
1 year ago Bleepingcomputer.com
Badge Makes Device-Independent Authentication Platform Available - Badge Inc. today announced that a namesake platform that enables end users to securely be authenticated on-demand using any device is now generally available. The company has allied with Okta to provide integration with an identity access management ...
1 year ago Securityboulevard.com
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
1 year ago Securityboulevard.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Russian military hackers target NATO fast reaction corps - Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the ...
1 year ago Bleepingcomputer.com CVE-2023-23397 Fancy Bear APT28
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
3 main tactics attackers use to bypass MFA - Notable security breaches have bypassed MFA to compromise taxi broker Uber, games company EA, and authentication business Okta, according to SE Labs. SE Labs advised CISOs to step-up their efforts against attacks on systems protected by MFA in ...
1 year ago Helpnetsecurity.com
Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account - This code snippet shows how attackers can intercept an authentication response and modify critical status flags to falsely indicate MFA verification has been successfully completed. These advanced techniques, which exploit vulnerabilities in ...
1 month ago Cybersecuritynews.com
Russian hackers wiped thousands of systems in KyivStar attack - The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped almost all systems on the telecom operator's network. Following the incident, Kyivstar's mobile and data services went down, ...
1 year ago Bleepingcomputer.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
1 year ago Cyberdefensemagazine.com
How Russian Hackers Attack Samsung Devices – A Comprehensive Guide - Samsung devices have become all the rage around the globe. Unfortunately, their popularity also attracts the attention of hackers and other cybercriminals who take advantage of them to spread their malicious codes and conduct their illegal ...
2 years ago Heimdalsecurity.com
Microsoft reveals how hackers breached its Exchange Online accounts - Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. On January 12, 2024, Microsoft ...
1 year ago Bleepingcomputer.com APT29
Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - Google said that while these recent attacks were likely driven by wartime demands to access sensitive government and military communications in the context of Russia’s invasion of Ukraine, researchers expect attacks on Signal to grow and spread to ...
1 month ago Therecord.media Turla
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)