Skip to content
Tech News
← Back to articles

New Forg365 phishing platform uses AI to target Microsoft 365 accounts

read original more articles

A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation.

The platform also provides a browser extension for continued access to the Microsoft services linked to the compromised accounts without the need to re-authenticate.

Researchers at ZeroBEC email security company say that many of the features in Forg365 are present in other infamous PhaaS platforms such as Kali365 and Sneaky2FA, although they could not establish a connection.

Their investigation began by analyzing phishing emails that posed as business documents, carefully crafted to mimic a trusted service.

"The observed sender domain used Amazon SES delivery, while the message body included SendGrid-hosted image or tracking resources," ZeroBEC says in a report today.

This combination of legitimate services and phishing infrastructure indicates a mature PhaaS operation capable of blending its messages into regular email traffic.

The platform features device-code phishing, adversary-in-the-Middle (AiTM) phishing, AI-assisted email content generation, token and cookie management, and post-compromise operations.

Digging deeper, the researchers obtained access to the Forg365 dashboard, which allows creating new phishing campaigns, manage phishing links, configure OAuth apps and SMTP profiles, manage tokens, and generate phishing emails with the help of AI.

The Forg365 panel

Source: ZeroBec

... continue reading