A New Phishing Kit Turned Microsoft 365 Attacks Into a Subscription Service

A New Phishing Kit Turned Microsoft 365 Attacks Into a Subscription Service
Security researchers who examined a phishing kit called Forg365 describe the same scene over and over. An employee gets a login prompt that looks exactly like every other Microsoft 365 sign-in they've seen a thousand times. They approve it. Nothing looks wrong. Nothing feels wrong. Minutes later, someone the employee has never met is sitting inside that mailbox, and the employee has no idea it happened.
That is the pitch behind Forg365, a kit that surfaced this year on Telegram for $400 a month, or roughly $3,800 if paid annually, according to reporting from The Hacker News. It is built specifically to go after Microsoft 365 accounts, and it packages four sophisticated attack techniques into a single rentable product.
Jonathan Ong, senior analyst for managed security services at Omdia, has tracked phishing-as-a-service platforms for years, and he pointed to the specific ingredient that sets this one apart. “Phishing-as-a-service has been around for quite a few years,” Ong told CSO Online. “But the degree to which AI is integrated into Forg365 and enables users is what makes it concerning.”
How Forg365 Works
Forg365 combines device code phishing, adversary-in-the-middle session theft, antibot evasion, and AI-written lures into one package. Devashri Datta, a cybersecurity researcher who studied the platform, summed up the design in a single line: “It integrates AI-assisted lure creation, evasion, and post-compromise mailbox operations into a subscription service distributed through Telegram,” Datta told CSO Online. Each piece in that package solves a different problem for the attacker.
- Device code phishing skips the password screen entirely. It convinces a user to approve what looks like a routine sign-in request on a screen that carries Microsoft's genuine branding. That single approval hands account access to whoever sent the request.
- Adversary-in-the-middle tactics position the attacker between the employee and Microsoft 365, capturing the live session the moment it gets issued. Multi-factor authentication does not stop this, because the attacker never needs to guess the second factor. They just intercept the session after the employee has already cleared it.
Keith Prabhu, founder and CEO of the security advisory firm Confidis, has pointed to exactly why these two techniques need separate defenses. Blocking device-code authentication in Microsoft Entra ID disrupts that specific path, he told CSO Online, and stopping adversary-in-the-middle techniques or stolen session cookies takes its own, separate set of controls.
- The AI-written lures are the part that changes the economics of the whole operation. Forg365 generates phishing emails from a single prompt, tailored to the target company and written in fluent, convincing corporate English. It produces those lures at a volume no individual writer could match, and each one reads like it came from inside the company.
Put those pieces together and the barrier to entry disappears. Buying Forg365 takes a Telegram account and a subscription fee, nothing more technical than that.
Why This Is Bigger Than One Kit
Forg365 fits a pattern security teams have been tracking for two years: the cost of running a sophisticated attack keeps falling, and the skill required keeps shrinking with it.
Phishing volume has climbed sharply since generative AI tools became widely available. Reported phishing attacks have grown by more than 4,000 percent since the launch of ChatGPT. Microsoft's own 2025 Digital Defense Report puts a number on that shift: AI-driven phishing is now three times more effective than traditional campaigns, the company found. The pattern is consistent across every channel: email, SMS, voice, and now session hijacking wrapped in AI-generated packaging. AI tools let attackers research a target and draft a believable message in seconds, a speed no manual process could match.
Microsoft 365 is a natural target simply because of scale. Hundreds of millions of businesses run on it, giving any kit built for it an enormous pool of potential victims. Microsoft's security team continues to ship strong defenses against exactly this kind of abuse.
The Good News: This Kind of Attack Has a Clear Answer
Here is the part that matters most for security leaders reading about Forg365: every technique in this kit has a known, deployable countermeasure. None of it requires a new research budget or a long procurement cycle to solve.
- The most direct fix is administrative. A Conditional Access policy that blocks or restricts Microsoft's device-code authentication flow, unless a specific business case requires it, shuts down the device-code half of Forg365's playbook immediately. A user completing device-code phishing authenticates on Microsoft's genuine login page the entire time, which is exactly why restricting the flow itself is the strongest fix available. Passkeys and number-matching MFA add a second layer, making stolen sessions and static credentials far less useful once an attacker has them. Datta said CISOs should treat this pairing with urgency. “CISOs should treat two controls as co-equal priorities rather than sequential ones,” Datta said, pointing to device-code restrictions and phishing-resistant MFA such as FIDO2 or WebAuthn passkeys.
- Training built around what attacks look like today closes the rest of the gap. Employees who have practiced against AI-written lures recognize the pattern faster than employees still training on decade-old examples with obvious typos, and training has to keep pace with lures this convincing. It can.
- Fast reporting changes the outcome even when a message does land. A one-click report button, paired with automated triage, shrinks the window between a Forg365 email arriving and it getting pulled from every inbox it reached. A threat flagged in minutes causes a fraction of the damage of one sitting unnoticed for a week.
- Session monitoring is the safety net underneath all of it. Unusual sign-in locations, new devices, and token reuse are all detectable the moment they happen, so even a successful click does not have to mean a successful breach. Datta pointed to the first step: “IR teams should audit newly registered devices and remove any that cannot be attributed to the user,” she told CSO Online. Prabhu’s guidance covers the next step: revoke active refresh tokens, terminate existing sessions, and review OAuth permissions for anything unauthorized.
What Comes NextKits like Forg365 will keep showing up. AI is making attacker tools cheaper and faster to build, and that trend shows no sign of slowing. Microsoft's own Digital Defense Report frames the defensive side of that same trajectory: the company says it stopped $4 billion in fraud attempts last year and now blocks 1.6 million fake or bot-driven sign-ups every hour. The encouraging part is that defenses are moving at a similar pace: Conditional Access policies can go live this week, passkeys are maturing fast, and training content is catching up to what attackers are sending this month.
Adaptive Security builds tools for that last piece. Our phishing simulations run on the same categories of AI-generated lures kits like Forg365 use, so employees train against the tactics attackers are using this month, and our reporting and risk-scoring tools sit alongside the Conditional Access and passkey work security teams are already doing elsewhere. More than 1,400 enterprise customers currently run our platform, and our training content averages a 4.8 out of 5 rating from the employees who complete it.
Security teams and employees are on the same side of this fight. Give people the right administrative controls and training that reflects current tactics, and a kit like Forg365 runs out of people worth attacking. Adaptive Security will keep tracking kits like Forg365 as they surface, so security teams can spend their time building defenses.
Get started with Adaptive Security
Related articles

Phishing Red Flags No Longer Work: Why AI Has Broken the Checklist Model and What Replaces It in 2026

AI Phishing Examples: Real-World Deepfake Video Scams, Voice Cloning Attacks, and LLM-Generated Email Fraud

Phishing Scams: The Complete Guide to Types, Warning Signs, Recognition, and Organizational Defense
Get started