A Russia-linked threat actor tracked as Storm-2372 has been targeting government and private organizations in a global campaign employing device code phishing for account compromise, Microsoft reports.
The campaign has been ongoing since at least August 2024, targeting entities in the government, IT, defense, telecoms, health, education, and energy sectors, as well as NGOs in Africa, Europe, the Middle East, and North America.
https://www.securityweek.com/russian-st ... -phishing/