Category

Defence

·Defence · Featured

Phishing Kits Bypass MFA and Hijack Companies’ Accounts in Minutes

Intelligence · Phishing Kit · Q1 2026 · April 24, 2026 · Fortgale CTI · 14 min read · RPT-26-0424

Observation of the quarter: The 2026 phishing ecosystem has outpaced traditional defenses. MFA alone is not enough. The answer is not one more product but a managed defense that combines phishing-resistant authentication, session-level detection, intelligence-driven and AI triage. An attack is not …

·Defence · Featured

Operation Storming Tide: A massive multi-stage intrusion campaign

In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabilities. The campaign, internally dubbed “FortiSync Quasar,” revealed an evolution from ransomware operations to strategic espionage, deploying Matanbuchus 3.0, Astarion RAT, and SystemBC. Rapid containment prevented any data exfiltration.

·Defence

Massive Microsoft 365 User Enumeration Across Italy and Europe

The Microsoft 365 environment ranks among the primary platforms targeted by threat actors. By its very nature, it is exposed to a wide spectrum of offensive operations — and precisely for this reason, Microsoft continuously introduces new tools and configurations to help organizations cope with this ever-shifting landscape of attacks (such as Conditional Access policies …

·Defence

HTML Smuggling and IceID Trojan: A Guide to Corporate Defense

In March, Fortgale detected a significant increase in malicious activity targeting Italian companies associated with the spread of the Trojan IceID malware. The most relevant activity was identified in the March 16 campaign, in which the criminal actor manipulated previous conversations of the victims by inserting a malicious attachment with the HTML Smuggling technique: A company …

·Defence

Eradicating WannaMine and Restoring Corporate Security

In 2021, Fortgale conducted an Incident Response operation to eradicate the WannaMine malware from the systems of an Italian company operating in the industrial sector. The malware proliferated across several hundred systems, exploiting a variety of propagation techniques. Upon installation, WannaMine initiates cryptocurrency mining activities, leading to substantial disruptions in the company’s operations due to …
