Microsoft Researchers Uncover Phishing Campaign Exploiting OAuth Redirection

Microsoft researchers identified a phishing campaign abusing OAuth URL redirection to target government and public-sector organizations. Threat actors exploit OAuth’s legitimate redirection behavior to bypass email and browser defenses, rather than stealing credentials or exploiting software vulnerabilities. The attacks focus on delivering malware by leveraging OAuth’s by-design functionality. No specific malware families, affected organizations, or technical indicators (e.g., CVE IDs) were disclosed in the report. The campaign highlights a shift in tactics to evade traditional security measures.