Forg365 is a new phishing-as-a-service operation that targets Microsoft 365 accounts using device-code phishing, AiTM techniques, and AI-generated lure content. It also uses the ForgCookie browser extension to maintain persistent access to Microsoft services after compromise. #Forg365 #Microsoft365 #ForgCookie #ZeroBEC
Keypoints
- Forg365 combines device-code phishing and AiTM attacks to steal Microsoft 365 accounts.
- The platform includes AI-assisted email generation inside its operator dashboard.
- ForgCookie helps attackers refresh Microsoft SSO cookies for persistent access.
- Forg365 uses AntiBot defenses, encrypted redirectors, and VPN-aware redirection to evade analysis.
- Researchers observed phishing delivery through Amazon SES, Cloudflare Pages, and Gophish infrastructure.