Microsoft Corp. has issued a warning about a Russian-aligned hacker group, identified as Storm-2372, employing a technique known as 'device code phishing' to compromise Microsoft 365 accounts. The campaign, active since August 2024, targets various sectors including government, NGOs, IT services, defense, telecommunications, health, higher education, and energy across regions such as Europe, North America, Africa, and the Middle East. The hackers use messaging apps like WhatsApp, Signal, and Microsoft Teams to impersonate prominent individuals and trick users into entering attacker-generated device codes on legitimate sign-in pages. This method allows the attackers to capture authentication tokens, granting them access to the victim's accounts and data without needing passwords. Microsoft has observed the group using these tokens to access email and cloud storage, and to move laterally within networks by sending phishing messages from compromised accounts.