Library Header Image Library Header Image

Webcast: Cloud Village: Braving the Storm-2372: The Tempest Decoded


Broadcast on in Webcasts

Webcast: Cloud Village: Braving the Storm-2372: The Tempest Decoded

January 14, 2026 | 10:00 AM PT | 1:00 PM ET

Storm-2372 (Feb’25) has been virtually ignored, even though Russian threat actors demonstrated in-the-wild exploits using OAuth Device Code Phishing (Syynimaa, Oct’20) and PRT/device registration abuse (Moller, Oct’23) that fundamentally puts all Entra customers at risk via its abuse of OAuth, the device registration service, SSO and compromise of the Primary Refresh Token. Talk will walk through the findings and discuss the detection, prevention, and what can be done effectively against the attack.

View the slide deck here.

Access This and Other RSAC Webcasts with your Free RSAC Membership

Your RSAC Membership also includes AI-powered summaries and slides for Conference presentations, Group Discussions with experts, and more.

Watch Now >>
Contributors
Jenko Hwong

Principal Threat Researcher, Huntress Labs

View More Webcasts


Share With Your Community