Microsoft Defender Security Research has exposed a sophisticated AI-enabled phishing campaign that abuses the OAuth Device Code Authentication flow to steal access and refresh tokens from Microsoft 365 accounts. Threat actors employ generative AI for hyper-personalized lures and full end-to-end automation, bypassing traditional MFA and the standard 15-minute device code expiration through dynamic, on-demand code generation. The operation, powered by the EvilTokens Phishing-as-a-Service toolkit, has compromised hundreds of organizations daily since mid-March 2026, marking a major escalation from earlier manual campaigns.
AI-Driven Attack Chain
Reconnaissance begins 10 to 15 days prior, with actors querying Microsoft’s GetCredentialType API to validate active email addresses in target tenants. Phishing emails, crafted with generative AI for role-specific relevance, use themes such as RFPs, invoices, document sharing, electronic signatures, or voicemail notifications. Victims clicking links encounter multi-stage redirects via compromised legitimate domains and serverless platforms like Vercel, Cloudflare Workers, AWS Lambda, and Railway.com to evade scanners.
On the final landing page, often mimicking a browser-in-the-browser window or a blurred document preview with a “Verify identity” prompt, a background script sends a real-time POST request to the attackers’ backend. This triggers live device code generation via Microsoft’s official endpoint; the resulting code is displayed to the victim, auto-copied to the clipboard through the JavaScript clipboard API, and paired with a redirect button to microsoft.com/devicelogin. A hidden polling mechanism checks status every 3 to 5 seconds using a session identifier, capturing valid tokens immediately once the user authenticates on the legitimate site. Because the code is generated only at the moment of victim interaction, its full 15-minute validity window begins at that point, significantly boosting success rates over static, pre-generated codes.
Escalation from Prior Campaigns
The current activity builds on Storm-2372’s device code phishing observed in February 2025, which relied on manual social engineering via messaging apps and Teams invitations targeting government, defense, and critical infrastructure sectors. In contrast, the 2026 campaign shifts to industrialized automation and AI integration across reconnaissance, lure generation, infrastructure spin-up with thousands of short-lived polling nodes on Railway.com, and exploitation. Microsoft links this surge to the emergence of EvilTokens PhaaS in early 2026, enabling criminal actors to scale operations far beyond nation-state efforts like Storm-2372.
Broader threat actor abuse of AI, detailed in a related April 2 Microsoft report, shows generative tools accelerating every attack phase, including 450 percent higher phishing click-through rates via localized messaging and automated payload refinement, while transforming AI systems themselves into new attack surfaces. The device code campaign exemplifies this evolution from AI as a tool to a core enabler of resilient, high-volume credential theft.
Critical Campaign Details
Reconnaissance via GetCredentialType API occurs 10 to 15 days before phishing, followed by 10 to 15 distinct AI-personalized campaigns launching daily since March 15, 2026.
Dynamic device code generation at the final landing page, combined with 3 to 5 second polling and auto-clipboard functionality, circumvents the 15-minute expiration.
Infrastructure heavily abuses serverless platforms such as Vercel, Cloudflare Workers, AWS Lambda, and Railway.com along with compromised domains for redirects and backend operations.
Post-compromise activity focuses on high-value financial and executive personas via Microsoft Graph reconnaissance, new device registration for Primary Refresh Tokens often within 10 minutes, malicious inbox rules, and targeted email exfiltration of wire transfers and invoices.
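The tell-tale sequence described above (a sign-in completed through the device code flow, then a new device registration within about 10 minutes) is what a defender would hunt for. The following is an added detection example, not code from Microsoft or from the report, that triages constructed sign-in and audit records shaped like Microsoft Entra ID logs; the field names (authenticationProtocol with value deviceCode, activityDisplayName "Register device") are assumed from the Entra schema, the sample values are invented, and the allowlist of apps that legitimately use device code (headless CLIs) is a hypothetical starting point to tune per tenant.

```python
from datetime import datetime, timedelta

# Constructed sample records modelled on Entra ID sign-in and audit log fields.
# All users, IPs and timestamps below are invented for this example.
SIGNIN_LOGS = [
    {"id": "s1", "userPrincipalName": "cfo@example.com",
     "createdDateTime": "2026-03-20T09:00:00Z",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.10",
     "appDisplayName": "Microsoft Office"},
    {"id": "s2", "userPrincipalName": "dev@example.com",
     "createdDateTime": "2026-03-20T09:05:00Z",
     "authenticationProtocol": "oAuth2", "ipAddress": "198.51.100.5",
     "appDisplayName": "Microsoft Teams"},
    {"id": "s3", "userPrincipalName": "ops@example.com",
     "createdDateTime": "2026-03-20T10:00:00Z",
     "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.7",
     "appDisplayName": "Azure CLI"},
]
AUDIT_LOGS = [
    {"activityDisplayName": "Register device",
     "activityDateTime": "2026-03-20T09:06:00Z", "initiatedBy": "cfo@example.com"},
    {"activityDisplayName": "Register device",
     "activityDateTime": "2026-03-20T12:00:00Z", "initiatedBy": "ops@example.com"},
]

# Hypothetical allowlist: apps that legitimately use the device code flow in
# this tenant (headless CLIs on servers). Tune to what you actually see.
KNOWN_DEVICE_CODE_APPS = {"Azure CLI"}


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp such as '2026-03-20T09:00:00Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def device_code_signins(signins):
    """Return only the sign-ins that completed through the device code flow."""
    return [r for r in signins if r.get("authenticationProtocol") == "deviceCode"]


def registration_within(audits, user, after, window):
    """True if `user` registered a new device within `window` after `after`."""
    for event in audits:
        if event.get("activityDisplayName") != "Register device":
            continue
        if event.get("initiatedBy") != user:
            continue
        delta = parse_ts(event["activityDateTime"]) - after
        if timedelta(0) <= delta <= window:
            return True
    return False


def triage(signins, audits, window_minutes=10):
    """Map each user with a device code sign-in to a severity string.

    'high'  : device code sign-in followed by device registration inside the
              window (the PRT-persistence pattern the campaign relies on)
    'medium': device code sign-in from an app not known to use the flow
    'low'   : device code sign-in from an allowlisted app, no rapid registration
    """
    order = {"low": 0, "medium": 1, "high": 2}
    window = timedelta(minutes=window_minutes)
    result = {}
    for r in device_code_signins(signins):
        user = r["userPrincipalName"]
        when = parse_ts(r["createdDateTime"])
        if registration_within(audits, user, when, window):
            severity = "high"
        elif r.get("appDisplayName") in KNOWN_DEVICE_CODE_APPS:
            severity = "low"
        else:
            severity = "medium"
        # Keep the worst severity observed per user.
        if order[severity] > order.get(result.get(user), -1):
            result[user] = severity
    return result


if __name__ == "__main__":
    for user, sev in triage(SIGNIN_LOGS, AUDIT_LOGS).items():
        print(f"{sev.upper():6} {user}")
```

The correlation step matters more than the protocol filter alone: device code sign-ins from known CLIs are routine in many tenants, but a device code sign-in followed minutes later by a new device registration for the same user matches the token-to-PRT persistence sequence the report describes and is worth paging on. In practice the same logic runs against exported sign-in and audit logs rather than the inline samples.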