Summary: Russian threat actors are targeting organizations via phishing attacks that impersonate legitimate European security events, using Microsoft 365 OAuth and Device Code workflows to steal credentials. Techniques include rapport-building conversations, fake professional websites, and communication through messaging apps. Notable campaigns include the Belgrade Security Conference and Brussels Indo-Pacific Dialogue, with attackers expanding their target lists through responses. Indicators and investigative assistance are offered for potential victims.
