Russian hackers exploit Microsoft 365 accounts using new phishing technique

Russian hackers are using a new method to target Microsoft 365 accounts, according to Volexity. They are stealing device authentication codes through phishing attacks, which have proven more effective than previous spear-phishing techniques. The attacks began in late January 2025, with hackers impersonating officials from U.S. government departments and research institutions. They trick victims into providing authentication codes, granting long-term access to their accounts. Volexity identified CozyLarch as one of the threat actors involved. The attacks often start with spear-phishing emails or messages on platforms like Signal, leading victims to a fake meeting invite that captures their authentication codes.