Researchers at #Volexity revealed that multiple #Russian threat actors are conducting social-engineering & spear-phishing to target organizations with the ultimate goal of compromising #Microsoft 365 accounts via #DeviceCodeAuthentication phishing.

🔗 https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/na

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication | Volexity

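📌 Summary: Volexity observed multiple Russian threat actors conducting social engineering and Device Code Authentication phishing attacks against Microsoft 365 accounts. The attacks were framed around various political themes, particularly the newly inaugurated US administration. The Russian actors used carefully crafted emails and messages to lure targeted users into authenticating, thereby gaining long-term access. Volexity is currently tracking the well-known threat actor CozyLarch along with other unnamed attackers, and has proposed related detection and prevention measures.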

🎯 Key Points:
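- Multiple Russian threat actors are conducting phishing attacks against Microsoft 365 using the Device Code Authentication method.
- The attacks are carried out over social media and email, often impersonating government and research institutions.
- Successful attacks exploited users' misunderstanding of the normal workflow, and included a fake invitation titled "Measuring Influence Operations".
- Volexity notes that the way these accounts were accessed after compromise varied, and that different infrastructure was used.
- Recommendations are given for monitoring and blocking Device Code Authentication attacks, with emphasis on the importance of strengthening user awareness.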

🔖 Keywords: #DeviceCodeAuthentication #Phishing #RussianThreat #SocialEngineering #CozyLarch

Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication

Starting in mid-January 2025, Volexity identified several social-engineering and spear-phishing campaigns by Russian threat actors aimed at compromising Microsoft 365 (M365) accounts. These attack campaigns were highly targeted and carried out in a variety of ways. The majority of these attacks originated via spear-phishing emails with different themes. In one case, the eventual breach began with highly tailored outreach via Signal. Through its investigations, Volexity discovered that Russian threat actors were impersonating a variety of individuals
