UNK_AcademicFlare is a suspected Russia-aligned threat actor that conducts device code phishing campaigns by leveraging compromised email addresses from government and military organizations. The actor engages in rapport building through benign outreach, ultimately leading to a phishing attempt via a Cloudflare Worker URL that spoofs a OneDrive account. Targeted sectors include government, think tanks, higher education, and transportation in the U.S. and Europe, with a focus on Russia and Ukraine-themed content. Their tactics include using compromised accounts for initial contact and employing device code phishing techniques to extract credentials.
References
Actor metadata imported from Malpedia (Fraunhofer FKIE).