Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

Read full story on The Hacker News
Share
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
AI disclosure

Summary

A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts. Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishing

Original reporting

Open original source

Related coverage

Read full article on The Hacker News

Get the AFBytes Brief

Major stories, AI-assisted analysis, and what to watch next. Free, monthly, unsubscribe anytime.