Hackers are targeting Microsoft Entra accounts using device code phishing and voice vishing, compromising accounts through legitimate Microsoft OAuth flows without needing traditional phishing methods. This allows attackers to gain valid authentication tokens and access victims' accounts, enabling corporate data theft. The ShinyHunters gang is suspected to be behind these attacks, with recommendations for organizations to monitor OAuth apps, revoke suspicious consents, and consider disabling device code flows when unnecessary.
Hackers Target Microsoft Entra Accounts in Device Code Vishing Attacks

