Forg365 PhaaS uses device code phishing and AitM to steal Microsoft 365 sessions
Source headline: Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
Intelligence Summary
Forg365 is a phishing-as-a-service scheme aimed at Microsoft 365 users. It combines device code phishing with adversary-in-the-middle techniques to capture authenticated sessions. The operation also uses antibot evasion and AI-assisted lure creation to improve success rates. Victims are targeted via Telegram-distributed campaigns, with the service marketed to customers for a monthly fee. This matters because compromised OAuth/session access can enable ongoing mailbox actions without immediately triggering obvious credential-theft indicators.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.