Threat actors have devised a phishing campaign that exploits OAuth URL redirection to bypass traditional defenses and target government users. By leveraging the legitimate behavior of OAuth, attackers redirect victims to infrastructure under their control, effectively turning this into an identity-based threat. This tactic allows attackers to evade email and browser defenses, which are typically designed to detect and block malicious activity based on credentials or software vulnerabilities. The attackers' goal is to deliver malware to the targeted government and public-sector organizations.

Microsoft researchers have identified this campaign as a significant threat, emphasizing the need for enhanced security measures to prevent such attacks. The use of OAuth redirection in this campaign highlights the evolving nature of phishing tactics, which now focus on exploiting legitimate mechanisms to achieve malicious goals. This approach enables attackers to stay under the radar of traditional security controls, making it essential for organizations to implement additional layers of defense. The success of this campaign relies on the ability of attackers to trick users into granting access to sensitive information, which is then used to facilitate further malicious activity [1].

So what matters to practitioners is that this new phishing tactic can bypass traditional security controls, making it crucial to implement robust identity-based security measures to prevent such attacks.
Phishing campaign exploits OAuth redirection to bypass defenses
⚡ High Priority
Why This Matters
Microsoft researchers warn that threat actors abuse OAuth redirects to target government users and deliver malware.
References
- SecurityAffairs. (2026, March 3). Phishing campaign exploits OAuth redirection to bypass defenses. SecurityAffairs. https://securityaffairs.com/188829/hacking/phishing-campaign-exploits-oauth-redirection-to-bypass-defenses.html
Original Source
SecurityAffairs