Microsoft disrupted activity by the Russia-based TA446 aka SEABORGIUM that was conducting a persistent campaign against people and organizations in NATO countries. The threat group steals the entered credentials and authentication cookies or tokens generated after the user login. These stolen tokens allow the threat group to log in even if 2FA is enabled.