{"id":227493,"date":"2025-12-20T01:19:07","date_gmt":"2025-12-20T07:19:07","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/12\/russia-linked-hackers-use-microsoft-365-device-code-phishing-for-account-takeovers"},"modified":"2025-12-20T01:19:07","modified_gmt":"2025-12-20T07:19:07","slug":"russia-linked-hackers-use-microsoft-365-device-code-phishing-for-account-takeovers","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/12\/russia-linked-hackers-use-microsoft-365-device-code-phishing-for-account-takeovers","title":{"rendered":"Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/russia-linked-hackers-use-microsoft-365-device-code-phishing-for-account-takeovers.jpg\"><\/a><\/p>\n<p>A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims\u2019 Microsoft 365 credentials and conduct account takeover attacks.<\/p>\n<p>The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker <strong>UNK_AcademicFlare<\/strong>.<\/p>\n<p>The attacks involve using compromised email addresses belonging to government and military organizations to strike entities within government, think tanks, higher education, and transportation sectors in the U.S. and Europe.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims\u2019 Microsoft 365 credentials and conduct account takeover attacks. The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare. The attacks involve using compromised email addresses belonging to government and military [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,32,1490,1491],"tags":[],"class_list":["post-227493","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-education","category-government","category-transportation"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/227493","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=227493"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/227493\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=227493"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=227493"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=227493"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}