Report: Device Code Phishing is Surging
ID: 2ede5201-c418-5592-aa61-bf1d28ce0a3b
STIX ID: report--2ede5201-c418-5592-aa61-bf1d28ce0a3b
Feed Name: KnowBe4 Blog
LevelBlue reports a rapid rise in device code flow phishing campaigns that exploit Microsoft’s authentication flow to harvest Microsoft 365 access and refresh tokens without capturing passwords, enabling account takeover and persistent access. Major commodity phishing kits and PhaaS platforms (Tycoon2FA, EvilTokens, Kali365, Ghost Hub, Cyb3r) have incorporated this capability—Tycoon2FA notably resumed operations after a takedown with device code features—making sophisticated token-harvesting attacks accessible to both skilled and low-skilled actors.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
