Published 4 days ago • loading... • Updated 1 day ago

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Suspected Russian actors launched targeted OAuth phishing campaigns against Microsoft 365 users in March 2025.
These attacks abuse legitimate Microsoft authentication workflows, evolving from similar February 2025 phishing observed by Volexity.
Attackers impersonate European officials and use messaging apps like Signal or WhatsApp to initiate contact with targets.
The scheme tricks victims into sharing Microsoft authorization codes that grant attackers account access, according to Volexity researchers.
Gaining access allows attackers to join devices to Entra ID and download emails and other sensitive data.

Insights by Ground AI

Does this summary seem wrong?

15 Articles

All

Left

Center

Right

Lifehacker

Center

This Cyber Attack Targets Microsoft 365 Accounts

A new cyberattack is targeting Microsoft 365 users through Signal and WhatsApp messages, with hackers impersonating government officials in order to gain access to accounts. According to reporting from Bleeping Computer, bad actors—who are believed to be Russians pretending to be European political officials or diplomats—are contacting employees of organizations working on issues related to Ukraine and human rights. The end goal is to trick targ…

1 day ago

Read Full Article

20minutos

Center

Cybercriminals exploit Microsoft 365's authentication system to steal accounts

The scam that affects specific Microsoft 365 accounts, which could endanger even national security and the one already warned by security companies.

1 day ago·Madrid, Spain

Read Full Article

Mashable

Left

WhatsApp, Signal scam leads to Microsoft account hacks. How to spot it.

Be careful with your Microsoft 365 account. Hackers are reportedly targeting Microsoft accounts through the popular WhatsApp and Signal messaging platforms. Tech and cybersecurity website Bleeping Computer reported that "Russian threat actors" are "impersonating officials from European countries and [contacting] targets" in order to gain access to potential victims' 365 accounts. The hackers have apparently targeted employees at organizations ti…

1 day ago·United States

Read Full Article

BleepingComputer

Center

Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts

Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees of organizations related to Ukraine and human rights.

2 days ago

Read Full Article

ADSLZone

Microsoft 365 accounts are at risk: hackers have a new attack method

Danger in the Microsoft 365 environment in view of the discovery of a new attack maneuver that hackers have pulled out of their sleeves. Specialists have already talked about it so that users can be aware of possible threats. Volexity is reporting a wave of attacks being carried out on Microsoft 365 accounts taking advantage of the OAuth 2.0 identification systems. The only good news is that, as they have revealed, they are detecting attacks on …

1 day ago

Read Full Article

01net

Russian hackers have been hacking Microsoft 365 accounts for months

A new wave of Russian cyberattacks is hitting Microsoft accounts in Europe. According to the American company Volexity, Russian cybercriminals are targeting employees of NGOs, European governments, and organizations linked to Ukraine in the hope of stealing sensitive data.

2 days ago

Read Full Article

Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/year