Dangerous Invitations: Russian Threat Actor Spoofs European Security Events in Targeted Phishing Attacks
ID: 7cb9ec5f-d070-59fe-8ee8-5c67d6363750
STIX ID: report--7cb9ec5f-d070-59fe-8ee8-5c67d6363750
Feed Name: Volexity Blog
Volexity reports that Russian-linked threat actor UTA0355 conducted multiple targeted phishing campaigns in 2025 abusing Microsoft OAuth and Device Code authentication flows to trick users registering for fake conference websites into providing authentication codes; attackers used rapport-building, compromised identities, professional-looking decoy sites, and messaging apps to guide victims, gained persistent access to Microsoft 365 accounts, and operationalized proxy infrastructure—Volexity provides examples, domains, and IOCs.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.