← All Threat Actors
Threat Actor Profile

TA2723

No known aliases in database
▲ High Threat
TA2723 OAuth Device Code Phishing
Origin
Sponsor criminal organization
Motivation financial gain

Target Sectors

Microsoft 365 users Corporate cloud environments Organizations utilizing OneDrive, LinkedIn, or DocuSign

Known TTPs

OAuth device code phishing
Social engineering (salary and benefits lures)
Service spoofing (Microsoft OneDrive, LinkedIn, DocuSign)
Use of phishing kits (Squarephish2, Graphish)
Abuse of legitimate Microsoft authentication workflows
Use of Cloudflare Worker URLs for phishing infrastructure

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD