Hackers target Microsoft Entra accounts in device code vishing attacks
Summary
Hackers are combining device code phishing with voice phishing (vishing) to compromise Microsoft Entra accounts at technology, manufacturing, and financial organizations. The attacks abuse the OAuth 2.0 Device Authorization flow to gain unauthorized access.
IFF Assessment
FOE
The described attack method gives attackers a new way to compromise accounts.
Defender Context
Defenders need to educate users about device code phishing and vishing, stressing that sign-in requests must be verified and that a code supplied over the phone must never be entered without validating its source. Multi-factor authentication (MFA) fatigue remains a problem, and attackers continue to social-engineer their way around MFA.