PULSE NAME
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
TLP: WHITE
Tags: CozyLarch, UTA0304, UTA0307
Source: AlienVault, created 2025-02-14, modified 2025-03-16
IOCs: 7 (low volume)
Russian threat actors are running social-engineering and spear-phishing campaigns to compromise Microsoft 365 accounts through Device Code Authentication phishing, a method that has proven more effective than traditional phishing techniques. The campaigns have targeted organizations with politically themed lures, impersonating entities such as the US Department of State and the Ukrainian Ministry of Defence. Three distinct threat actors (UTA0304, CozyLarch/APT29, and UTA0307) have been identified using similar tactics, with slight variations in approach and infrastructure. The attacks exploit users' unfamiliarity with the Device Code Authentication flow, which makes the phishing hard to recognize. Detection methods and preventive measures exist but are often not implemented by organizations.
Indicators of Compromise (7)
TYPE    INDICATOR                      DESCRIPTION    CREATED
domain  afpi-sec.com                   -              2025-02-14
domain  androidstatics.com             -              2025-02-14
domain  chromeelevationservice.com     -              2025-02-14
domain  comms-net.com                  -              2025-02-14
domain  rosejob.com                    -              2025-02-14
domain  sen-comms.com                  -              2025-02-14
domain  udc30soft.co                   -              2025-02-14