Origin

What’s a Device Code? When you want to log in and authenticate to Entra ID, you may not always have the same input capabilities as you have on your computer. This can be devices without keybo…

 A hacking outfit potentially linked to Russia is running an active operation that uses device code phishing to target Microsoft 365 accounts of individuals at organisations of interest. The targets are in the government, non-governmental organisations…

Phishing mobile devices, with DeviceCode phishing and QR codes As protections for endpoints (Laptops, Virtual-Desktops, …) are getting better and sometimes really tough to bypass, it might be time to move along. One of the next weaker devices might be mobile ones, in that case smartphones. Imho the MDM is weaker nowadays then a fully featured EDR with webproxies and packet inspection. For a good user experience, we can combine “E-Mails, QR-Codes, DeviceCode phishing and Azure CDN fronting”. tl;dr E-Mails without links, attachments and images will often make it to inbox QRCodes do not need to be images, they can also be Unicode or html tables Azure CDN Fronting spares the handling of a trusted domain, SSL certificate and all the nasty things around DeviceCode phishing is still doing great in most environments A GraphAPI token for Azure is quite powerful Depending on the kind of phishing the loot might be even a fully featured PRT!