From www.bleepingcomputer.com: Microsoft has reported an active phishing campaign that targets the Microsoft 365 accounts of individuals in various sectors, including government, healthcare, and energy, using device code phishing: the victim is lured into entering an attacker-generated OAuth 2.0 device code on the legitimate Microsoft sign-in page, which hands the attacker the access and refresh tokens issued for that account.
‘The targets are in the government, NGO, IT services and technology, defense, telecommunications, health, and energy/oil and gas sectors in Europe, North America, Africa, and the Middle East.’
To defend against these attacks, Microsoft recommends blocking device code flow sign-ins (for example with a Conditional Access policy) wherever the flow is not needed, revoking users' refresh tokens as soon as phishing is suspected, and monitoring sign-in logs for unusual activity such as device code sign-ins from unexpected locations or from users who have never used the flow.
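One way to act on the last two recommendations, as an added example that is not Microsoft's or BleepingComputer's code: the script below scans a sign-in log export for successful device code sign-ins that break a per-user baseline and lists the users whose refresh tokens should be revoked. It assumes the records use the Microsoft Graph signIn field names (authenticationProtocol, userPrincipalName, ipAddress, location.countryOrRegion, status.errorCode); the sample records and the BASELINE table are constructed for the example, not real data.

```python
"""Flag suspicious OAuth 2.0 device code sign-ins in an Entra ID sign-in log export.

Added example, not Microsoft's code. Assumes records use the Microsoft Graph
signIn field names; SAMPLE_SIGNINS and BASELINE below are constructed data.
"""

# Constructed sample records shaped like a Graph /auditLogs/signIns export.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-02-13T08:01:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "GB"},
     "authenticationProtocol": "oAuth2", "appDisplayName": "Microsoft Teams",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-13T08:05:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "RU"},
     "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Authentication Broker",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-13T09:10:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "203.0.113.22", "location": {"countryOrRegion": "GB"},
     "authenticationProtocol": "deviceCode", "appDisplayName": "Azure CLI",
     "status": {"errorCode": 0}},
    {"createdDateTime": "2025-02-13T09:12:00Z", "userPrincipalName": "carol@example.com",
     "ipAddress": "198.51.100.9", "location": {"countryOrRegion": "NG"},
     "authenticationProtocol": "deviceCode", "appDisplayName": "Microsoft Office",
     "status": {"errorCode": 50126}},  # failed sign-in: no tokens issued, ignored below
]

# Constructed baseline (assumption): the countries each user normally signs in
# from, and whether the user is expected to use the device code flow at all
# (CLI-heavy users such as bob legitimately do).
BASELINE = {
    "alice@example.com": {"countries": {"GB"}, "device_code_expected": False},
    "bob@example.com": {"countries": {"GB"}, "device_code_expected": True},
    "carol@example.com": {"countries": {"GB"}, "device_code_expected": False},
}


def find_suspicious_device_code_signins(signins, baseline):
    """Return findings for successful device code sign-ins that break the baseline."""
    findings = []
    for rec in signins:
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        if rec.get("status", {}).get("errorCode", 0) != 0:
            continue  # only a successful sign-in hands the attacker tokens
        upn = rec["userPrincipalName"]
        profile = baseline.get(upn, {"countries": set(), "device_code_expected": False})
        country = rec.get("location", {}).get("countryOrRegion")
        reasons = []
        if not profile["device_code_expected"]:
            reasons.append("device code flow not expected for this user")
        if country not in profile["countries"]:
            reasons.append(f"sign-in from unusual country {country}")
        if reasons:
            findings.append({"user": upn, "time": rec["createdDateTime"],
                             "ip": rec["ipAddress"], "app": rec.get("appDisplayName"),
                             "reasons": reasons})
    return findings


def users_to_revoke(findings):
    """Distinct users whose refresh tokens should be revoked, e.g. with
    POST /users/{id}/revokeSignInSessions in Microsoft Graph (not called here)."""
    return sorted({f["user"] for f in findings})


if __name__ == "__main__":
    hits = find_suspicious_device_code_signins(SAMPLE_SIGNINS, BASELINE)
    for h in hits:
        print(f"{h['time']} {h['user']} from {h['ip']} via {h['app']}: "
              f"{'; '.join(h['reasons'])}")
    print("revoke refresh tokens for:", users_to_revoke(hits))
```

On the sample data only alice is flagged (device code flow not expected for her, and the sign-in comes from a country outside her baseline); bob's Azure CLI device code sign-in from his usual country is left alone, and carol's failed attempt is skipped because no tokens were issued. In a real deployment the baseline would be derived from the tenant's own sign-in history rather than hand-written.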