The UK Small Business Cybersecurity Network | Helping Keep Small Business CYBERSafe! » THREAT INTEL: STATE ACTORS – Russian hackers are Phishing their way past MFA

Gibraltar: Friday 21 February 2025 at 10:00 CET

THREAT INTEL: STATE ACTORS – Russian hackers are Phishing their way past MFA rendering the authentication protocol pretty much useless.
By: Iain Fraser, Cybersecurity Journalist
CYBERInsights – First For Small Business Cybersecurity

A state-sponsored, Russia-based hacking group with direct links to Vladimir Putin is reported to have deployed a new Phishing variant that enables a seamless bypass of your MFA (2FA) protocols and credentials, making a mockery of the “authentication”.

The threat was first revealed by Microsoft, which has warned about a Russian threat group known as Storm-2372. Microsoft has reported that the hacker outfit has modified its tactics, using a specific ‘device code phishing’ technique to bypass multi-factor authentication (MFA) and steal access tokens, and has been active doing exactly that since August last year.

The technique, device code Phishing, takes advantage of an industry-standard authentication practice for devices that cannot perform authentication using a web flow and must use another device to sign in.
It has been observed targeting governments, NGOs, as well as organizations in the IT, defence, telecoms, health, energy, and education sectors across multiple regions, Microsoft added.

How it works.

Attackers first initiate the authentication flow by requesting a device code from the targeted service, and then send the code to the victim under the guise of, for example, an invite to a Teams meeting or a registration code. The target goes through their usual authentication process, entering their username, password, and MFA credentials into the legitimate service portal, but once the service grants access, the threat actor can recover the access token. SIMPLES! Cybersecurity luminaries have warned that this tactic could become increasingly common amongst threat actors, as it can get around additional security layers that prevent more rudimentary Phishing attacks.
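The flow described above leaves a pattern a defender can check for in sign-in records: a device code approved by a user who never normally uses that flow, with the token collected from a different address than the one the user approved from. The following is an added example, not code from this article or from Microsoft; the record layout, the allowlist and all sample values are constructed assumptions.

```python
# Constructed data in a hypothetical record layout (not a vendor log schema):
# (event, flow_id, user, source_ip)
#   "approve" = the user typed the device code into the sign-in page
#   "token"   = the client that requested the code collected the access token
EVENTS = [
    ("approve", "dc-01", "meetingroom1@example.test", "198.51.100.7"),
    ("token",   "dc-01", "meetingroom1@example.test", "198.51.100.7"),
    ("approve", "dc-02", "alice@example.test",        "198.51.100.20"),
    ("token",   "dc-02", "alice@example.test",        "203.0.113.66"),
    ("approve", "dc-03", "bob@example.test",          "198.51.100.21"),
    ("token",   "dc-03", "bob@example.test",          "198.51.100.21"),
]

# Hypothetical allowlist: accounts that genuinely sign in from input-limited
# devices (shared displays, room systems) and are expected to use device codes.
DEVICE_CODE_ALLOWED = {"meetingroom1@example.test"}


def review_device_code_signins(events, allowed=DEVICE_CODE_ALLOWED):
    """Return one finding per completed device code flow that needs review."""
    approvals, findings = {}, []
    for event, flow_id, user, ip in events:
        if event == "approve":
            approvals[flow_id] = (user, ip)
            continue
        if event != "token" or flow_id not in approvals:
            continue  # ignore unrelated or unmatched records
        approver, approve_ip = approvals[flow_id]
        reasons = []
        if approver not in allowed:
            reasons.append("account is not expected to use device code sign-in")
        if ip != approve_ip:
            # Heuristic only: the requesting device and the approving user are
            # usually on the same network when the flow is used legitimately.
            reasons.append("token collected from a different address than the approval")
        if reasons:
            findings.append({"flow": flow_id, "user": approver, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_device_code_signins(EVENTS):
        print(finding["flow"], finding["user"], "; ".join(finding["reasons"]))
```

For a small business with no input-limited devices, the allowlist is empty and every completed device code sign-in is worth a look.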


CYBER Insights – Helping Keep Small Business CYBERSafe! 

Launched in 2020 by Cybersecurity Journalist Iain Fraser and his team at IfOnly… CYBERInsights was developed to be the go-to platform providing definitive, reliable & actionable Cybersecurity News, Intel, Awareness & Training specifically written and curated for Small Business & Enterprise Owners, Partners and Directors throughout the UK.