CodeStorm Phishing Campaign Exploits M365 Accounts for Enhanced Attacks
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A phishing campaign attributed to the CodeStorm group is targeting Microsoft 365 tenants by leveraging compromised accounts. Attackers are using a tenant-aware AiTM phishing kit that employs rotating frontends and backend replay behavior, making it difficult for secure email gateways to detect. This method allows malicious emails to bypass traditional filters, increasing the likelihood of successful phishing attempts. The campaign's scope includes multiple organizations, with a focus on exploiting legitimate M365 accounts to enhance the credibility of phishing messages. As of June 23, 2026, the campaign is ongoing, and organizations are urged to remain vigilant against these sophisticated phishing tactics.
Key Points: • CodeStorm phishing campaign targets Microsoft 365 tenants using compromised accounts. • Attackers employ an AiTM phishing kit with rotating frontends to evade detection. • The campaign is ongoing, affecting multiple organizations and bypassing traditional email filters.