
Year-Long Microsoft Device Code Phishing Campaign Bypasses MFA and Claims 218 Victims
A long-running Microsoft 365 device code phishing campaign has compromised at least 218 victims across multiple countries after abusing Microsoft’s legitimate OAuth Device Code Flow. The operation, linked to a threat actor tracked as saroula01, remained active for more than a year and primarily targeted corporate users. The campaign used a custom phishing framework known […]
The post Year-Long Microsoft Device Code Phishing Campaign Bypasses MFA and Claims 218 Victims appeared first on Cyber Security News.