Suspected Russian threat actors are using OAuth-based phishing attacks to get targets to grant them access to their Microsoft 365 (M365) accounts. “The primary tactics observed involve the attacker requesting victim’s supply Microsoft Authorization codes, which grant the attacker with account access to then join attacker-controlled devices to Entra ID (previously Azure AD), and to download emails and other account-related data,” according to Volexity researchers. How the attack unfolds These recently observed attacks rely heavily … More

The post Attackers phish OAuth codes, take over Microsoft 365 accounts appeared first on Help Net Security.