Protect Your Data: Russian Spear-Phishing Targets Microsoft 365 Accounts

Stu Sjouwerman | Feb 18, 2025

Several Russian threat actors, including the SVR’s Cozy Bear, are launching highly targeted spear phishing attacks against Microsoft 365 accounts, according to researchers at Volexity.

The attackers are impersonating employees at the US State Department, the Ukrainian Ministry of Defence, the European Union Parliament, and well-known research institutions.

The attacks use a technique called “Device Code Authentication,” which attempts to trick users into entering a code that grants access to their accounts. This login method is provided by Microsoft to facilitate sign-ins from input-constrained devices, like smart TVs or printers. “However, in this case, it means if an attacker can convince a user to enter a specific code into this dialogue (and log in), they are granted long-term access to the user’s account,” Volexity explains.

The researchers note, “This method has been more effective at successfully compromising accounts than most other targeted spear-phishing campaigns.”

The attackers began by instigating conversations with the targets via email or messaging apps. After gaining the victim’s trust, they sent links that purportedly led to a Microsoft Teams meeting or a chatroom. These links took the victims to a Microsoft Device Code authentication page that asked them to enter a code.

In one case, the threat actor contacted a target via Signal, then asked them if they could move the conversation to a different chat application.

“The message was a ploy to fool the user into thinking they were being invited into a secure chat, when in reality they were giving the attacker access to their account,” the researchers write. “The generated Device Codes are only valid for 15 minutes once they are created. As a result, the real-time communication with the victim, and having them expect the ‘invitation,’ served to ensure the phish would succeed through timely coordination.”
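A defender's check for the sign-in method described above, as an added example that is not from the original article or from Volexity: it scans exported Microsoft Entra ID sign-in records for successful device code sign-ins by accounts that are not expected to use that flow. The field names follow the Microsoft Graph sign-in log schema (an assumption about the export format); the sample records, the allowlist and the function name are constructed for illustration.

```python
import json

# Constructed sample sign-in records (JSON lines), not real log data.
# Field names follow the Microsoft Graph signIn schema (assumed export shape).
SAMPLE_LOG = """\
{"createdDateTime":"2025-02-10T09:01:12Z","userPrincipalName":"Alice@example.org","appDisplayName":"Microsoft Office","ipAddress":"198.51.100.7","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2025-02-10T09:05:40Z","userPrincipalName":"alice@example.org","appDisplayName":"Office 365 Exchange Online","ipAddress":"192.0.2.10","authenticationProtocol":"none","status":{"errorCode":0}}
{"createdDateTime":"2025-02-10T08:30:00Z","userPrincipalName":"meetingroom-tv@example.org","appDisplayName":"Microsoft Teams","ipAddress":"192.0.2.44","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2025-02-10T10:15:03Z","userPrincipalName":"bob@example.org","appDisplayName":"Microsoft Office","ipAddress":"203.0.113.9","authenticationProtocol":"deviceCode","status":{"errorCode":70016}}
not-json
"""

# Hypothetical allowlist: accounts for input-constrained devices that are
# expected to sign in with a device code.
EXPECTED_DEVICE_CODE_USERS = {"meetingroom-tv@example.org"}


def find_device_code_signins(log_text, expected_users):
    """Return successful device code sign-ins by accounts not on the allowlist."""
    expected = {u.lower() for u in expected_users}
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        if str(rec.get("authenticationProtocol", "")).lower() != "devicecode":
            continue
        if (rec.get("status") or {}).get("errorCode") != 0:
            continue  # only completed sign-ins grant the access described above
        user = str(rec.get("userPrincipalName", "")).lower()
        if user in expected:
            continue
        findings.append({
            "time": rec.get("createdDateTime"),
            "user": user,
            "app": rec.get("appDisplayName"),
            "ip": rec.get("ipAddress"),
        })
    return sorted(findings, key=lambda f: f["time"] or "")


if __name__ == "__main__":
    for f in find_device_code_signins(SAMPLE_LOG, EXPECTED_DEVICE_CODE_USERS):
        print(f"{f['time']}  {f['user']}  app={f['app']}  ip={f['ip']}")
```

Each finding is a lead for review: a person who completed a device code sign-in they did not initiate from a TV, printer or similar device should have their sessions revoked and the sign-in investigated.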


Volexity has the story.
