Blog | Arctic Wolf

Riding the Rails: Arctic Wolf Tracking Threat Actors Abusing Railway PaaS for Microsoft 365 Token Compromise

Arctic Wolf has recently observed a phishing campaign targeting Microsoft 365 that abuses the OAuth device code flow to trick victims into providing authentication codes. Threat actors use Railway’s Platform-as-a-Service (PaaS) infrastructure (a trusted cloud platform with valid IP addresses)...

March 27, 2026

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Agentic SOC

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

Security Bulletins

Riding the Rails: Arctic Wolf Tracking Threat Actors Abusing Railway PaaS for Microsoft 365 Token Compromise

TeamPCP Supply Chain Attack Campaign Targets Trivy, Checkmarx (KICS), and LiteLLM (Potential Downstream Impact to Additional Projects)

CVE‑2026‑3055: Critical Unauthenticated Memory-Read Vulnerability in Citrix NetScaler ADC and Gateway

Partners

Company

Careers

Press

Brand Partnerships

ARCTIC WOLF BLOG

The 20 Coolest Security Operations, Risk And Threat Intelligence Companies Of 2026: The Security 100

Data-only extortion grows as ransomware gangs seek better profits

Arctic Wolf targets mid-market security gap in APAC

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347

1.888.272.8429

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.

Privacy Notice

Terms of Use

Cookie Policy

Accessibility Statement

Information Security

Sustainability Statement

Cookies Settings

Platform

Agentic SOC

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

Security Bulletins

Riding the Rails: Arctic Wolf Tracking Threat Actors Abusing Railway PaaS for Microsoft 365 Token Compromise

TeamPCP Supply Chain Attack Campaign Targets Trivy, Checkmarx (KICS), and LiteLLM (Potential Downstream Impact to Additional Projects)

CVE‑2026‑3055: Critical Unauthenticated Memory-Read Vulnerability in Citrix NetScaler ADC and Gateway

Partners

Company

Careers

Press

Brand Partnerships

ARCTIC WOLF BLOG

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347