| SYMBOL | COMMON_NAME | aka. SYNONYMS |
UNK_AcademicFlare is a suspected Russia-aligned threat actor that conducts device code phishing campaigns by leveraging compromised email addresses from government and military organizations. The actor engages in rapport building through benign outreach, ultimately leading to a phishing attempt via a Cloudflare Worker URL that spoofs a OneDrive account. Targeted sectors include government, think tanks, higher education, and transportation in the U.S. and Europe, with a focus on Russia and Ukraine-themed content. Their tactics include using compromised accounts for initial contact and employing device code phishing techniques to extract credentials.
There are currently no families associated with this actor.
| 2025-12-18
⋅
Proofpoint
⋅
Access granted: phishing with device code authorization for account takeover TA2723 UNK_AcademicFlare |