THREATOPS
THREAT OPSThreat News › Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft

lowthehackernewsPublished 2026-07-13

A new phishing-as-a-service (PhaaS) operation called Forg365 is using a combination of device code phishing, adversary-in-the-middle (AitM) tactics, antibot evasion, artificial intelligence (AI)-assisted lure creation, and post-compromise mailbox operations targeting Microsoft 365 accounts.

Distributed via Telegram and costing $400 a month (or $3,800 per year), attack chains leverage phishing

MITRE ATT&CK techniques

Original source: https://thehackernews.com/2026/07/forg365-phaas-targets-microsoft-365.html