Key Findings A Russia-aligned threat group, tracked as UNK_AcademicFlare, has been conducting phishing campaigns that abuse Microsoft 365 device code authentication workflows to steal victims' credentials and take over accounts. The attacks, ongoing since September 2025, target government, military, think tanks, higher education, and transportation sectors in the U.S. and Europe. The adversary uses compromised email addresses belonging to government and military organizations
