Microsoft warns of new phishing technique bypassing multi-factor authentication

Microsoft has reported that the hacker group Storm-2372 is using a new method called "device code phishing" to bypass multi-factor authentication (MFA). This technique has been active since August 2024 and targets various sectors, including government and healthcare. In device code phishing, attackers request a device code from a service and trick victims into entering their credentials on a legitimate portal. This allows hackers to steal access tokens without raising suspicion, making it more effective than traditional phishing methods. Cybersecurity experts warn that this tactic may become more common as it effectively circumvents MFA protections. The technique is evolving, with some attackers using QR codes to exploit mobile security weaknesses.