
In recent times, a sophisticated phishing campaign has been uncovered, targeting Microsoft 365 (M365) accounts. This campaign, orchestrated by Russian nation-state actors, employs a technique known as device code authentication phishing. This method has proven to be more effective at compromising accounts than many traditional spear-phishing attacks. The following sections delve into the intricacies of this campaign, its execution, and