Phishing, Threat Intelligence
Advanced device code phishing leveraged by Russian APT

Hackread reports that attacks involving sophisticated dynamic device code phishing have been deployed by Russian state-sponsored advanced persistent threat operation Storm-2372 to stealthily compromise organizations in the government, defense, healthcare, finance, and technology sectors in the U.S., Canada, Germany, Ukraine, Australia, and the UK.
Storm-2372 distributed malicious messages with links that redirect to seemingly legitimate login pages. These pages generate device codes and exploit CORS-Anywhere to enable prolonged access to targeted Microsoft email accounts while circumventing multi-factor authentication and other security systems, according to an analysis from SOCRadar. SOCRadar researchers regarded the findings as indicative of increasingly advanced phishing tactics that require organizations to implement more robust cybersecurity defenses. "The campaign underlines the critical need for modern organizations to embrace adaptive, context-aware defense mechanisms to counter identity-based threats that are increasingly evading conventional protections," the researchers added.