Storm-2372 used the device code phishing technique since August 2024

Russia-linked group Storm-2372 has been using device code phishing since August 2024 to steal login tokens from governments, NGOs, and industries. The attackers trick users into authenticating through phishing messages, allowing them to access accounts and data. Organizations are advised to block device code flow, enable MFA, and implement the principle of least privilege to mitigate these attacks.