Forg365 Sells $400 Microsoft 365 Phishing Kit With Device-Code and AitM Attacks
Updated
Updated · The Hacker News · Jul 14
Forg365 Sells $400 Microsoft 365 Phishing Kit With Device-Code and AitM Attacks
3 articles · Updated · The Hacker News · Jul 14
Summary
ZeroBEC said Forg365 is a Telegram-sold phishing-as-a-service platform that targets Microsoft 365 accounts with device-code phishing, adversary-in-the-middle pages and post-compromise mailbox operations.
The $400-a-month service uses Amazon SES and Twilio SendGrid infrastructure, AI-generated lures and antibot checks to blend into normal email traffic and hide phishing pages from VPN users and scanners.
Forg365’s clearnet panel lets affiliates generate lures, run campaigns and manage stolen tokens, while its ForgCookie browser extension refreshes Microsoft SSO cookies to preserve access after compromise.
Business-document and remittance lures show how the kit lowers the skill barrier for large-scale attacks, fitting a broader wave of industrialized PhaaS tools such as Kali365, Sneaky 2FA and The Quarry.
As phishing becomes a subscription service, is any company using Microsoft 365 truly prepared for what's next?
When AI writes flawless phishing emails, how can anyone be expected to spot the next sophisticated scam?
Forg365 Exposed: The Next Generation of Phishing-as-a-Service and the Escalating Threat to Microsoft 365
Overview
Forg365 is a new Phishing-as-a-Service (PhaaS) platform that emerged in mid-2026, marking a major shift in cybercrime. It stands out by deeply integrating artificial intelligence and automation, making advanced phishing attacks easier for even low-skilled threat actors. Forg365’s subscription model and distribution through channels like Telegram lower the entry barrier for cybercriminals. Its AI-powered features allow users to launch convincing phishing campaigns with minimal effort, especially targeting Microsoft 365 accounts. This evolution shows how phishing is becoming more industrialized and accessible, raising the risk and impact of attacks for organizations and individuals alike.