cloud phishing campaigns

Researchers link a Russia aligned threat group to a phishing campaign abusing Microsoft 365 device code authentication to steal credentials and enable account takeover across government and academic sectors.