Video call generated an OAuth code to enable Microsoft 365 access.
Ukraine-linked nongovernmental organisations have been targeted by Russian threat actors aiming to exploit the OAuth protocol to compromise Microsoft 365 accounts.
According to a report from Volexity, the attacks commenced with phishing attempts luring targets into joining a video call tackling the ongoing conflict in Ukraine, where the link to the call generated an OAuth code sought by the hackers to generate another token enabling Microsoft 365 access.
As reported by
The Record, despite not being associated with Russian advanced persistent threat operations, UTA0352 and UTA0355 were discovered by Volexity researchers to have overlaps with other threat actors who sought to infiltrate Microsoft 365 accounts.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
