By The Hacker News
Publication Date: 2025-12-19 17:54:00
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims’ Microsoft 365 credentials and conduct account takeover attacks.
The activity, ongoing since September 2025, is being tracked by Proofpoint under the moniker UNK_AcademicFlare.
The attacks involve using compromised email addresses belonging to government and military organizations to strike entities within government, think tanks, higher education, and transportation sectors in the U.S. and Europe.
“Typically, these compromised email addresses are used to conduct benign outreach and rapport building related to the targets’ area of expertise to ultimately arrange a fictitious meeting or interview,” the enterprise security company said.
As part of these efforts, the adversary claims to share a link to a document that includes questions or topics for the email recipient to…
