DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Microsoft 365 Accounts Targeted by Device Code Phishing

DigitalCIO Bureau by DigitalCIO Bureau
December 23, 2025
in Tech News
0
Retail Industry — Next Big Target for Hackers?
75
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Social engineering remains an effective method for threat actors to trick users into performing unwanted actions, such as installing applications or sharing sensitive information. One specific technique, device code phishing, is now widely used to gain access to Microsoft 365 accounts.

Proofpoint researchers warn that this approach, previously primarily used in targeted red team activities, has been part of broader campaigns since September 2025. The security company calls it a significant shift in the threat landscape.

Device code disguised as a one-time password

Device code phishing often begins with a message containing a URL hidden in a button, hyperlink, or QR code. When a user follows the link, the authorization process for Microsoft devices begins. The user then receives a device code, presented as a one-time password (OTP). The instruction is to enter this code on Microsoft’s official verification page. Once this is done, the attacker validates the associated token and thus gains access to the account.

Phishing attacks are carried out in various ways. In some cases, attackers claim to require token reauthorization, while in others, they deploy false warnings about account security.

Various tools available

Both state-sponsored and financially motivated threat actors are using these attacks, including the well-known group TA2723. Malicious applications and tools are being sold on hacking forums that make it easier for attackers to scale up campaigns, such as SquarePhish, SquarePhishV2, and Graphish. These tools help bypass the limited validity period of device codes, making campaigns possible on a larger scale than ever before.

Successful device code phishing attacks lead to complete control of M365 accounts, posing risks such as data theft, lateral movement within networks, and persistent access. Proofpoint emphasizes the importance of stricter OAuth controls and increasing user awareness of these evolving threats. The company expects OAuth authentication abuse to continue to increase, particularly with the introduction of FIDO-compliant multi-factor authentication (MFA).

Tags: Microsoft 365
Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

TCS Becomes Technology and Innovation Partner to New York’s New Terminal One at JFK Airport

by DigitalCIO Bureau
July 14, 2026
0
TCS Becomes Technology and Innovation Partner to New York’s New Terminal One at JFK Airport

TCS will strengthen the digital foundation for the new airport terminal, creating a next-generation guest experience that drives airline cost efficiencies and raises the bar for international travel...

Read moreDetails

KaarTech Recognized Among India’s Top 100 Best Companies to Work For 2026

by DigitalCIO Bureau
July 14, 2026
0
KaarTech Recognized Among India’s Top 100 Best Companies to Work For 2026

KaarTech Recognized Among India's Top 100 Best Companies to Work For 2026 in the Large Enterprises Category by Great Place To Work India KaarTech has been recognized among...

Read moreDetails

TCS and ABB sign multi-million, multi-year deal to transform global network operations with AI

by DigitalCIO Bureau
July 13, 2026
0
TCS and ABB sign multi-million, multi-year deal to transform global network operations with AI

This expanded collaboration will deliver an AI-driven, secure, and standardized digital infrastructure to support ABB’s global network operations The deal marks a 20-year partnership milestone that reinforces the...

Read moreDetails

LTTS Global EI Hackathon Sparks the Next Wave of AI-Native Engineering Solutions

by DigitalCIO Bureau
July 13, 2026
0
LTTS Global EI Hackathon Sparks the Next Wave of AI-Native Engineering Solutions

Nearly 4,000 participants across 770+ teams from nine global locations became a part of the 24-hour innovation challenge L&T Technology Services (LTTS), successfully concluded Engineering Intelligence (EI) OpenHack 2026,...

Read moreDetails

Accenture Edge and Google Cloud Deliver Scalable Agentic AI Solutions for Mid-Sized Businesses

by DigitalCIO Bureau
July 10, 2026
0
Accenture Edge and Google Cloud Deliver Scalable Agentic AI Solutions for Mid-Sized Businesses

Accenture, through its newly launched Accenture Edge business, has partnered with Google Cloud to introduce a suite of agentic AI solutions aimed at helping mid-market companies accelerate technology...

Read moreDetails
Next Post
Barracuda Introduces ‘Barracuda Research

Barracuda Research Identifies GhostFrame Phishing Kit

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

How World’s First Blockchain Smartphone can Secure Bitcoin

December 13, 2018

PayU and Fynd to Boost Payment Experiences for Indian Merchants

August 14, 2024

New Wearable Patch Can Detect Stress Level

July 21, 2018

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Accenture Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Collaboration CrowdStrike Cybersecurity Digital Transformation E-books Enterprises Fortinet Gartner Generative AI Google Cloud HCLTech IBM India Infographics Infosys Internet of Things (IoT) Kaspersky Microsoft NTT DATA NVIDIA Palo Alto Networks Panel Discussion Partnership Sophos Strategic Partnership Tata Consultancy Services TCS Tenable Trend Micro Veeam Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?