Security Stop Press : Cybercriminals Bypassing MFA With Device Code Phishing
Microsoft has reported uncovering a cyberattack campaign by Storm-2372, a group linked to Russian interests, using a technique called device code phishing to bypass multi-factor authentication (MFA) and steal access tokens. Active since August 2024, the group targets governments, NGOs, and industries including defence, telecoms, energy, and healthcare across Europe, North America, Africa, and the Middle East. In device…