A Cyber attack is not something. It’s someone.
Someone you can track, analyse, anticipate.
Need a hand? See how Fortgale can help — our services and support.
Blog · research & analysis
Latest analysis
Kali365: when the session becomes the new credential
ABSTRACT The FBI recently issued an advisory on Kali365, a Phishing-as-a-Service platform that abuses legitimate Microsoft OAuth flows to bypass multi-factor authentication. Kali365 is a Phishing-as-a-Service platform that bypasses Microsoft MFA by abusing the OAuth Device Code Flow. For $250, an operator with minimal skill acquires enterprise-grade identity compromise capability. The technique does not break … Read more
Phishing Kits Bypass MFA and Hijack companies’s accounts in minutes
Intelligence · Phishing Kit · Q1 2026 April 24, 2026Fortgale CTI14 min readRPT-26-0424 Observation of the quarter The 2026 phishing ecosystem has outpaced traditional defenses. MFA alone is not enough. The answer is not one more product but a managed defense that combines phishing-resistant authentication, session-level detection, intelligence-driven and AI triage. An attack is not … Read more
Investment-Targeted Phishing: How Phishing Kit Fuels Espionage in Funding Rounds
In the high-stakes world of venture capital and corporate funding, where millions hang in the balance and sensitive financial data flows freely, a new breed of cyber threat is emerging. Imagine receiving an email that looks like a golden opportunity—a potential investor reaching out just as your company navigates a critical funding round. It’s polished, … Read more
TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks
TeamPCP: The Rise of Cloud-Native Extortion and Supply Chain Attacks TeamPCP is an emerging cybercriminal collective that became active in late 2025, distinguishing itself through a specialized focus on massive attacks against cloud-native infrastructures. Unlike traditional Advanced Persistent Threat (APT) groups that often prioritize deep persistence on specific endpoints, TeamPCP utilizes high-level automation to scale … Read more
Protected: Matanbuchus – Malware Analysis
There is no excerpt because this is a protected post.
Operation Storming Tide: A massive multi-stage intrusion campaign
In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabilities. The campaign, internally dubbed “FortiSync Quasar,” revealed an evolution from ransomware operations to strategic espionage, deploying Matanbuchus 3.0, Astarion RAT, and SystemBC. Rapid containment prevented any data exfiltration.
Massive Microsoft 365 User Enumeration Across Italy and Europe
The Microsoft 365 environment ranks among the primary platforms targeted by threat actors. By its very nature, it is exposed to a wide spectrum of offensive operations — and precisely for this reason, Microsoft continuously introduces new tools and configurations to help organizations cope with this ever-shifting landscape of attacks (such as Conditional Access policies … Read more
Protected: Analysis of the BlackBasta infrastructure: Cobalt Strike
There is no excerpt because this is a protected post.