Someone you can track, analyse, anticipate.
Need a hand? See how Fortgale can help — our services and support.
Blog · research & analysis
ABSTRACT The FBI recently issued an advisory on Kali365, a Phishing-as-a-Service platform that abuses legitimate Microsoft OAuth flows to bypass multi-factor authentication. Kali365 is a Phishing-as-a-Service platform that bypasses Microsoft MFA by abusing the OAuth Device Code Flow. For $250, an operator with minimal skill acquires enterprise-grade identity compromise capability. The technique does not break … Read more
Intelligence · Phishing Kit · Q1 2026 April 24, 2026Fortgale CTI14 min readRPT-26-0424 Observation of the quarter The 2026 phishing ecosystem has outpaced traditional defenses. MFA alone is not enough. The answer is not one more product but a managed defense that combines phishing-resistant authentication, session-level detection, intelligence-driven and AI triage. An attack is not … Read more
In the high-stakes world of venture capital and corporate funding, where millions hang in the balance and sensitive financial data flows freely, a new breed of cyber threat is emerging. Imagine receiving an email that looks like a golden opportunity—a potential investor reaching out just as your company navigates a critical funding round. It’s polished, … Read more
TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks TeamPCP is an emerging cybercriminal collective that became active in late 2025, distinguishing itself through a specialized focus on massive attacks against cloud-native infrastructures. Unlike traditional Advanced Persistent Threat (APT) groups that often prioritize deep persistence on specific endpoints, TeamPCP utilizes high-level automation to scale … Read more
There is no excerpt because this is a protected post.
In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabilities. The campaign, internally dubbed “FortiSync Quasar,” revealed an evolution from ransomware operations to strategic espionage, deploying Matanbuchus 3.0, Astarion RAT, and SystemBC. Rapid containment prevented any data exfiltration.
The Microsoft 365 environment ranks among the primary platforms targeted by threat actors. By its very nature, it is exposed to a wide spectrum of offensive operations — and precisely for this reason, Microsoft continuously introduces new tools and configurations to help organizations cope with this ever-shifting landscape of attacks (such as Conditional Access policies … Read more
There is no excerpt because this is a protected post.
UPDATES: 27.11.2024: As mentioned by TrustWave, “Supercar Phishing Kit” has an high level of overlapping with the most recent update of “Rockstar 2FA Phishing-as-a-Service” 26.09.2024: As mentioned by Any.Run, “Supercar Nebula” has an high level of overlapping with “Storm-1575“ In August 2024, Fortgale identified and analyzed an extensive phishing campaign employing a previously publicy undocumented … Read more
