This article discusses phishing campaigns by a Russian threat actor that exploit OAuth and Device Code authentication, using fake websites for international security events to trick users into revealing their credentials. The campaigns target organizations involved in events like the Belgrade Security Conference and the Brussels Indo-Pacific Dialogue, employing tactics such as rapport-building and messaging app support to enhance success.