Russian APTs: OAuth Abuse, RDP Phish, and Takedowns

Russian APTs: OAuth Abuse, RDP Phish, and Takedowns

Russia-linked actors leaned hard on OAuth device codes and RDP phishing from Oct 2024–Aug 2025. Providers pushed back in concert. Here’s what changed, what to watch in your logs, and the quickest moves that buy real risk reduction.