Archynetys Live news trend intelligence
▲ Peaking Technology

New phishing kits target Microsoft 365 accounts, evade MFA

New phishing kits like Forg365 are enabling account takeovers of Microsoft 365 by bypassing multi-factor authentication (MFA).

5sources
5articles
3velocity
+0%since first seen
just nowfirst detected

Velocity

How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →

The brief

Attackers are deploying phishing kits and Phishing-as-a-Service (PhaaS) tools, specifically Forg365, to target Microsoft 365 accounts. These tools utilize Adversary-in-the-Middle (AitM) session theft and the abuse of OAuth device codes and Entra ID enrollment to gain persistent access to SaaS environments.

Coverage from BleepingComputer, The Hacker News, and CSO Online emphasizes that these kits lower the barrier for executing account takeovers. Additionally, SecurityWeek reports that Okta has issued warnings regarding vishing attacks specifically targeting Microsoft 365 customers.

Future developments involve the continued use of device code phishing and session theft to evade MFA. Coverage does not yet specify the total number of affected organizations.

Synthesized by Archynetys from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated just now.

Quick answers

What is Forg365?

Forg365 is a Phishing-as-a-Service (PhaaS) kit designed to lower the barrier for Microsoft 365 account takeovers.

How are attackers bypassing MFA?

Attackers are using Adversary-in-the-Middle (AitM) session theft and abusing OAuth device codes.

Are there other methods being used besides digital phishing kits?

Yes, Okta has warned of vishing attacks targeting Microsoft 365 customers.

Coverage (5)

Topics

Related trends