Forg365 is a commercial phishing-as-a-service (PhaaS) platform specifically targeting Microsoft 365 users. It employs methods such as device-code phishing, adversary-in-the-middle (AiTM) workflows, AI-assisted lure generation, and token persistence tools.
The platform’s onboarding process through Telegram, subscription model, and post-compromise features highlight how identity attacks on Microsoft 365 are becoming increasingly commercialized.
Researchers from ZeroBEC have assessed Forg365 as a “Kali365-class” platform because it integrates Telegram distribution, Microsoft 365 OAuth abuse, token capture, phishing templates, and persistent access capabilities. However, there is no conclusive evidence establishing a shared ownership with Kali365 or the Sneaky 2FA operation.
Forg365 PhaaS Hijack Microsoft 365 Accounts