Tags: incident, high, Account Takeover, Device Code Phishing, Phishing-as-a-Service, EvilToken, Storm-2372

Apr 06, 2026 • Microsoft Defender Security Research Team

Inside an AI‑enabled device code phishing campaign


Source
Microsoft Security Blog
Category
incident
Severity
high

Executive Summary

Microsoft Defender researchers have identified a sophisticated AI-enabled device code phishing campaign targeting organizational accounts at scale. The campaign marks a significant escalation in threat actor sophistication, moving from static scripts to AI-driven infrastructure with end-to-end automation. Threat actors abuse the OAuth Device Code Authentication flow to bypass MFA protections by decoupling authentication from originating sessions. Key techniques include dynamic code generation to circumvent the 15-minute expiration window, hyper-personalized phishing lures created with generative AI aligned to victims' roles, and automated reconnaissance using Microsoft Graph to map organizational structures. The campaign leveraged Railway.com for backend infrastructure and multiple redirections through compromised legitimate domains and serverless platforms like Vercel and Cloudflare Workers to evade detection. Post-compromise activities include email exfiltration and creation of malicious inbox rules for persistence. EvilToken Phishing-as-a-Service toolkit has been identified as a key enabler of this campaign.

Summary

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end-to-end automation. This campaign goes beyond traditional phishing by generating live authentication codes on demand, enabling higher success rates and sustained post-compromise access. The post Inside an AI-enabled device code phishing campaign appeared first on Microsoft Security Blog.

Published Analysis

Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the Device Code Authentication flow to compromise organizational accounts at scale. While traditional device code attacks are typically narrow in scope, this campaign demonstrated a higher success rate, driven by automation and dynamic code generation that circumvented the standard 15-minute expiration window for device codes. This activity aligns with the emergence of EvilToken, a Phishing-as-a-Service (PhaaS) toolkit identified as a key driver of large-scale device code abuse.

This campaign is distinct because it moves away from static, manual scripts toward an AI-driven infrastructure with multiple end-to-end automations. This activity marks a significant escalation in threat actor sophistication since the Storm-2372 device code phishing campaign observed in February 2025.

  • Advanced Backend Automation: Threat actors used automation platforms like Railway.com to spin up thousands of unique, short-lived polling nodes. This approach allowed them to deploy complex backend logic (Node.js), which bypassed traditional signature-based or pattern-based detection. This infrastructure was leveraged end-to-end in the attack, from generating dynamic device codes to post-compromise activities.
  • Hyper-personalized Lures: Generative AI was used to create targeted phishing emails aligned to the victim's role, including themes such as RFPs, invoices, and manufacturing workflows, increasing the likelihood of user interaction.
  • Dynamic Code Generation: To bypass the 15-minute expiration window for device codes, threat actors triggered code generation at the moment the user interacted with the phishing link, ensuring the authentication flow remained valid.
  • Reconnaissance and Persistence: Although many accounts were compromised, follow-on activity focused on a subset of high-value targets. Threat actors used automated enrichment techniques, including analysis of public profiles and corporate directories, to identify individuals in financial or executive roles. This enabled rapid reconnaissance, mapping of permissions, and creation of malicious inbox rules for persistence and data exfiltration.

Once authentication tokens were obtained, threat actors focused on post-compromise activity designed to maintain access and extract data. Stolen tokens were used for email exfiltration and persistence, often through the creation of malicious inbox rules that redirected or concealed communications. In parallel, threat actors conducted Microsoft Graph reconnaissance to map organizational structure and permissions, enabling continued access and potential lateral movement while tokens remained valid.

Attack chain overview

Device Code Authentication is a legitimate OAuth flow designed for devices with limited interfaces, such as smart TVs or printers, that cannot support a standard interactive login. In this model, a user is presented with a short code on the device they are trying to sign in from and is instructed to enter that code into a browser on a separate device to complete authentication. While this flow is useful for these scenarios, it introduces a security tradeoff. Because authentication is completed on a separate device, the session initiating the request is not strongly bound to the user's original context. Threat actors...
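The post ties the post-compromise phase to inbox rules that redirect mail out of the organization or conceal it from the mailbox owner. The script below is an added example, not code from the Microsoft Security Blog post or from Microsoft Defender, showing how a defender could triage an exported set of inbox rules for exactly those two shapes: an exfiltration shape (forward or redirect to an external domain) and a concealment shape (delete, or move to a folder nobody reads), with the combination of both scored highest. The rule records are constructed sample data, loosely shaped after the Microsoft Graph messageRule resource but simplified to plain strings; the field names, the hiding-folder list and the tenant domain are assumptions for this example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Folders commonly used to park mail where the owner will not look (assumed list).
HIDING_FOLDERS = {"deleteditems", "junkemail", "rssfeeds", "rsssubscriptions",
                  "archive", "conversationhistory"}


@dataclass
class Finding:
    rule_name: str
    severity: str          # "high" or "medium"
    reasons: List[str]


def is_external(address: str, internal_domains: Set[str]) -> bool:
    """True if the address's domain is not one of the organization's own."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in internal_domains


def assess_rule(rule: Dict, internal_domains: Set[str]) -> Optional[Finding]:
    """Return a Finding if the rule matches an exfiltration or concealment pattern."""
    actions = rule.get("actions", {})
    reasons: List[str] = []
    severity = "medium"

    # Exfiltration shape: mail leaves the organization automatically.
    for key in ("forwardTo", "redirectTo", "forwardAsAttachmentTo"):
        external = [a for a in actions.get(key, []) if is_external(a, internal_domains)]
        if external:
            reasons.append(f"{key} sends mail to external address(es): {', '.join(external)}")
            severity = "high"

    # Concealment shape: matching mail is deleted or parked in a rarely read folder.
    if actions.get("delete"):
        reasons.append("deletes matching messages")
    dest = "".join((actions.get("moveToFolder") or "").lower().split())
    if dest in HIDING_FOLDERS:
        reasons.append(f"moves matching messages to '{dest}'")
    if reasons and actions.get("markAsRead"):
        reasons.append("also marks messages as read, so no unread indicator appears")

    # Redirecting mail and hiding the trace in one rule is the classic combination.
    exfil = any("external" in r for r in reasons)
    conceal = any(r.startswith(("deletes", "moves")) for r in reasons)
    if exfil and conceal:
        reasons.append("combines exfiltration with concealment")
        severity = "high"

    # Automated tooling often leaves the rule unnamed or named with a single character.
    name = rule.get("displayName", "")
    if reasons and len(name.strip()) <= 1:
        reasons.append("rule name is empty or a single character")

    return Finding(name, severity, reasons) if reasons else None


def triage(rules: List[Dict], internal_domains: Set[str]) -> List[Finding]:
    """Run assess_rule over an exported rule set and keep only the hits."""
    lowered = {d.lower() for d in internal_domains}
    return [f for f in (assess_rule(r, lowered) for r in rules) if f is not None]


INTERNAL_DOMAINS = {"contoso.example"}   # constructed tenant domain

SAMPLE_RULES = [   # constructed sample data, not real rules from any incident
    {"displayName": "Newsletters",
     "conditions": {"subjectContains": ["newsletter"]},
     "actions": {"moveToFolder": "Newsletters"}},
    {"displayName": ".",
     "conditions": {"bodyContains": ["invoice", "payment", "wire"]},
     "actions": {"forwardTo": ["collector@mail.example"], "delete": True, "markAsRead": True}},
    {"displayName": "Invoices",
     "conditions": {"subjectContains": ["invoice"]},
     "actions": {"moveToFolder": "RSS Feeds", "markAsRead": True}},
    {"displayName": "Escalations to CFO",
     "conditions": {"subjectContains": ["urgent"]},
     "actions": {"forwardTo": ["cfo@contoso.example"]}},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_RULES, INTERNAL_DOMAINS):
        print(f"[{f.severity.upper()}] rule {f.rule_name!r}")
        for reason in f.reasons:
            print(f"    - {reason}")
```

In practice the rule list would come from a tenant-wide export of mailbox rules and the domain set from the tenant's verified domains; the scoring is deliberately coarse so that a new external forward created shortly after a device code sign-in stands out for analyst review rather than being auto-closed.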

Linked Entities

  • EvilToken
  • Storm-2372