Microsoft discovered cyberattacks being launched by a group they call Storm-2372, who they assess with medium confidence aligns with Russia’s interests and tradecraft.
The attacks appear to have been ongoing since August 2024 and have targeted governments, NGOs, and a wide range of industries in multiple regions. The attacks use a specific phishing technique called “device code phishing” that tricks users to log into productivity apps while Storm-2372 actors capture the information from the log in (tokens) that they can use to then access compromised accounts.
Read more…
Source: Microsoft
Related:
- Basic-Fit confirms data on a million members stolen in cyberattack
April 13, 2026
Basic-Fit, Europe’s largest gym chain, has confirmed data including the bank details of around a million customers was stolen from its systems. Around 200,000 members in the Netherlands alone had their data snatched in a recent cyberattack, the company confirmed on Monday morning via emails sent to those affected. “Today, Basic-Fit has notified the relevant data ...
- Suspect arrested after incendiary device thrown at OpenAI CEO Sam Altman’s home
April 11, 2026
A 20-year-old man has been arrested after a Molotov cocktail was thrown at the San Francisco home of OpenAI CEO Sam Altman early Friday morning. The incident happened around 4:00 am when a suspect “threw an incendiary destructive device” at Altman’s home, “causing a fire to one exterior gate” before fleeing on foot, according to statement ...
- Hungary: Nearly 800 state logins surfaced in breach data, including defense and NATO-linked accounts
April 11, 2026
Hungary’s government has discovered the hard way that the biggest threat to national security might just be its own password choices. An investigation by Bellingcat has uncovered close to 800 Hungarian government email and password pairings circulating in breach dumps, cutting across nearly every major ministry, from defense and foreign affairs to finance. This doesn’t look ...
- FBI Atlanta, Indonesian Authorities Take Down Global Phishing Network Behind Millions in Fraud Attempts
April 10, 2026
In a first-of-its-kind joint cyber investigation, the FBI Atlanta Field Office and Indonesian law enforcement authorities have dismantled a sophisticated global phishing operation that enabled cybercriminals to steal thousands of victims’ account credentials and attempt more than $20 million in fraud. The operation centered on the W3LL phishing kit, a widely used cybercrime tool that allowed ...
- CPU-Z, HWMonitor watering hole infection – a copy-pasted attack
April 10, 2026
On April 9, 2026, the website cpuidcom, hosting installers for popular system administration software CPU-Z, HWMonitor (HWMonitor Pro) and Perfmonitor 2, was compromised. Kaspersky researchers observed that starting from approximately April 9, 15:00 UTC, until about April 10, 10:00 UTC, the legitimate download URLs for installers of that software have been replaced with URLs to the ...
- ClickFix finds a new way to infect Macs
April 10, 2026
ClickFix campaigns are looking for alternatives now that many Mac users have been made aware of the dangers of pasting certain commands into Terminal. Researchers found that ClickFix has kept the same social engineering playbook but completely sidestepped Terminal by using the applescript:// URL scheme to auto‑open Script Editor with a ready‑to‑run script that pulls Atomic ...