State-linked hackers exploit device code phishing to target Microsoft 365 users, using techniques that impersonate legitimate access workflows. Groups from Russia and China lead recent attacks, employing tools like SquarePhish2 and Graphish phishing kits. This method involves users entering a device code, granting hackers access to their accounts. Cybersecurity firm Proofpoint notes the increased use of this tactic for attacks on various sectors, including government and education.
State-linked and Criminal Hackers Use Device Code Phishing Against M365 Users

