Device code phishing bypasses password stealing
ID: 2f60e565-78e3-5113-8c6f-4d2737569189
STIX ID: report--2f60e565-78e3-5113-8c6f-4d2737569189
Feed Name: ReversingLabs Blog
Threat Score
This report details an active Microsoft 365 "device code" phishing campaign that tricks corporate users into authorizing attacker-controlled devices via the legitimate OAuth Device Authorization Grant flow; it covers the email lure, landing-page code (use of invisible Unicode chars and automated device-code beaconing), network detection patterns, a YARA rule to detect landing pages, and a large list of IoC URLs, and provides detection and mitigation recommendations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
