ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Cybersecurity

Forg365 PhaaS uses device code phishing and AitM to steal Microsoft 365 sessions

Source headline: Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

Threat level Critical
Signal strength 85/100
Source confidence 1 source
Published 2 hours ago

Intelligence Summary

Forg365 is a phishing-as-a-service scheme aimed at Microsoft 365 users. It combines device code phishing with adversary-in-the-middle techniques to capture authenticated sessions. The operation also uses antibot evasion and AI-assisted lure creation to improve success rates. Victims are targeted via Telegram-distributed campaigns, with the service marketed to customers for a monthly fee. This matters because compromised OAuth/session access can enable ongoing mailbox actions without immediately triggering obvious credential-theft indicators.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#telegram #phishing #aitm #device-code-phishing #microsoft365
Original reporting The Hacker News Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
Open original source