A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks.
\nThe activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare.
\nThe attacks involve using compromised email addresses belonging to government<\/p>","protected":false},"excerpt":{"rendered":"
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks. The activity,…<\/p>\n","protected":false},"author":1,"featured_media":2810,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"saved_in_kubio":false,"footnotes":""},"class_list":["post-2809","page","type-page","status-publish","has-post-thumbnail","hentry"],"kubio_ai_page_context":{"short_desc":"","purpose":"general"},"_links":{"self":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages\/2809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2809"}],"version-history":[{"count":0,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/pages\/2809\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infosec-daily.com\/index.php?rest_route=\/wp\/v2\/media\/2810"}],"wp:attachment":[{"href":"https:\/\/infosec-daily.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}