New Forg365 phishing platform uses AI to target Microsoft 365 accounts

Summary

A new phishing-as-a-service (PhaaS) operation named Forg365 has emerged, targeting Microsoft 365 accounts. It leverages a combination of adversary-in-the-middle (AiTM) and device code techniques, enhanced by AI for generating more convincing phishing lures.

IFF Assessment

FOE

This phishing operation represents an advancement in attacker capabilities, making it more difficult for defenders to detect and prevent account compromise.

Defender Context

Defenders should be aware of this new phishing platform and the AI-enhanced lures it employs. Organizations need to ensure robust multi-factor authentication (MFA) is enforced and educate users on recognizing sophisticated phishing attempts that bypass traditional defenses.

Read Full Story →