New phishing kits target Microsoft 365 accounts, evade MFA
New phishing kits like Forg365 are enabling account takeovers of Microsoft 365 by bypassing multi-factor authentication (MFA).
Velocity
How fast coverage is spreading — measured hourly from article rate × source diversity. How this works →
The brief
Attackers are deploying phishing kits and Phishing-as-a-Service (PhaaS) tools, specifically Forg365, to target Microsoft 365 accounts. These tools utilize Adversary-in-the-Middle (AitM) session theft and the abuse of OAuth device codes and Entra ID enrollment to gain persistent access to SaaS environments.
Coverage from BleepingComputer, The Hacker News, and CSO Online emphasizes that these kits lower the barrier for executing account takeovers. Additionally, SecurityWeek reports that Okta has issued warnings regarding vishing attacks specifically targeting Microsoft 365 customers.
Future developments involve the continued use of device code phishing and session theft to evade MFA. Coverage does not yet specify the total number of affected organizations.
Synthesized by Archynetys from the headlines below under a strict no-invention contract. ✓ fact-checked: all claims supported by sources Updated just now.
Quick answers
What is Forg365?
Forg365 is a Phishing-as-a-Service (PhaaS) kit designed to lower the barrier for Microsoft 365 account takeovers.
How are attackers bypassing MFA?
Attackers are using Adversary-in-the-Middle (AitM) session theft and abusing OAuth device codes.
Are there other methods being used besides digital phishing kits?
Yes, Okta has warned of vishing attacks targeting Microsoft 365 customers.
Coverage (5)
- Phishing for dummies: Forg365 lowers barrier to M365 account takeovers csoonline.com · 23h ago
- Hackers Abuse OAuth Device Codes and Entra ID Enrollment for Persistent SaaS Access gbhackers.com · 23h ago
- Okta Warns of Vishing Attacks Targeting Microsoft 365 Customers SecurityWeek · 23h ago
- Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft The Hacker News · 23h ago
- New phishing kits target Microsoft 365 accounts, evade MFA BleepingComputer · 23h ago
Topics
Related trends
ConsentFix and ClickFix: How Microsoft 365 Accounts are Hijacked in 3 Seconds
Security researchers reveal new phishing tactics targeting Microsoft 365 accounts.
Microsoft to end support for Office 2021 this year
Microsoft's decision to end support for Office 2021 is prompting users to consider their next steps.