Threat actors are using legitimate Microsoft feature to compromise M365 accounts - Help Net Security

Suspected Russian threat actors are exploiting Microsoft Device Code Authentication to compromise M365 accounts. The attacks, which involve social engineering and spear-phishing, trick targets into granting access to their accounts by impersonating government officials and researchers. Organizations can mitigate this risk by creating conditional access policies, monitoring Microsoft Entra ID sign-in logs, and revoking refresh tokens if suspicious activity is detected.
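One way to act on the sign-in log monitoring advice, as an added example that is not from the original article: triage exported Entra ID sign-in records for successful device code authentications and mark those coming from an IP the user has not otherwise signed in from. Field names follow the Microsoft Graph `signIn` resource (`authenticationProtocol` is in the beta schema); the records, users, IPs and the `triage` heuristic are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records shaped like Microsoft Graph signIn objects.
# Users, IPs, timestamps and the non-zero error code are made up.
SIGNINS = [
    {"createdDateTime": "2025-02-10T08:00:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "192.0.2.10", "appDisplayName": "Office 365 Exchange Online",
     "authenticationProtocol": "oAuth2", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-10T09:15:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.77", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-10T10:00:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.5", "appDisplayName": "Azure Portal",
     "authenticationProtocol": "oAuth2", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-10T10:30:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.5", "appDisplayName": "Microsoft Azure CLI",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-10T11:00:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "203.0.113.77", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "status": {"errorCode": 1}},
]

def succeeded(record):
    """A sign-in succeeded when status.errorCode is 0."""
    return record.get("status", {}).get("errorCode") == 0

def device_code_signins(records):
    """Successful sign-ins that used the device code flow."""
    return [r for r in records
            if r.get("authenticationProtocol") == "deviceCode" and succeeded(r)]

def triage(records):
    """List device code sign-ins, marking IPs the user has no other successful sign-in from."""
    known_ips = defaultdict(set)
    for r in records:
        if r.get("authenticationProtocol") != "deviceCode" and succeeded(r):
            known_ips[r["userPrincipalName"]].add(r["ipAddress"])
    findings = []
    for r in sorted(device_code_signins(records), key=lambda r: r["createdDateTime"]):
        upn = r["userPrincipalName"]
        findings.append({"user": upn, "time": r["createdDateTime"],
                         "ip": r["ipAddress"], "app": r["appDisplayName"],
                         "new_ip": r["ipAddress"] not in known_ips[upn]})
    return findings

if __name__ == "__main__":
    for f in triage(SIGNINS):
        print(f)
```

A finding with `new_ip` set is a candidate for review and, if confirmed suspicious, for revoking the user's refresh tokens as the article recommends.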
