A Cyber attack is not something. It's someone.
And someone can be known, anticipated, stopped.
Fortgale is the cyber defence for European organisations, built on two integrated capabilities: a SOC/MDR 24·7·365 with senior analysts who detect and contain attacks within measurable timeframes, and a proprietary Cyber Threat Intelligence that tracks the offensive groups targeting Europe.
Median containment in <30 minutes, our analysts in direct contact with your team.
NIS2 and DORA compliant.
A European cyber defense outpost, built by design.
Fortgale was founded in Milan in 2017 with a precise idea: not a technology reseller, but a defense outpost operated by our analysts, agnostic to the customer's stack. The first SOC/MDR went live in 2019.
Today we protect banks, finance, manufacturing, transport, aerospace & defense. Headquartered in Milan, operating across Europe and beyond. Four operational angles, SOC, MDR, Cyber Threat Intelligence, Advisory, orchestrated by a proprietary AI-native platform.
- 287 threat actors profiled active across European markets
- <30 min median containment from confirmed alert
- ISO/IEC 27001 · 9001 · 14001 · 45001 · NIS2 and DORA ready
Our defence is built on proprietary intelligence.
We know the adversaries active against European markets because we study them: we profile the actors, analyse the samples, track the campaigns. From this research comes every defence we deliver to the companies that rely on us. We don't aggregate third-party feeds, we publish only what we have verified first-hand.

Kali365: when the session becomes the new credential
ABSTRACT The FBI recently issued an advisory on Kali365, a Phishing-as-a-Service platform that abuses legitimate Microsoft OAuth flows to bypass multi-factor authentication. Kali…
Read article →
Phishing Kits Bypass MFA and Hijack companies's accounts in minutes
Intelligence · Phishing Kit · Q1 2026 April 24, 2026Fortgale CTI14 min readRPT-26-0424 Observation of the quarter The 2026 phishing ecosystem has outpaced traditional defenses. M…
Read article →
Investment-Targeted Phishing: How Phishing Kit Fuels Espionage in Funding Rounds
In the high-stakes world of venture capital and corporate funding, where millions hang in the balance and sensitive financial data flows freely, a new breed of cyber threat is em…
Read article →
Operation Storming Tide: A massive multi-stage intrusion campaign
In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabiliti…
Read article →
Behind the Wheel: Unveiling the Supercar Phishing Kit Targeting Microsoft 365
UPDATES: 27.11.2024: As mentioned by TrustWave, "Supercar Phishing Kit" has an high level of overlapping with the most recent update of "Rockstar 2FA Phishing-as-a-Service" 26.09…
Read article →
Espionage activities targeting European businesses
In the evolving landscape of cybersecurity threats, Fortgale is tracking PhishSurf Nebula, an advanced Cyber Espionage group active since 2021 and primarily targeting entities wi…
Read article →We protect organisations across 8 key sectors,
each with its own adversaries.
One defense outpost, four operational functions.
SOC, MDR, Cyber Threat Intelligence and Advisory map to three verbs, know, anticipate, stop. Not separate modules: four angles of a single defense outpost protecting the organisation across the entire attack lifecycle.
Security Operations Center
European SOC operating 24·7·365 by our analysts. Triage, escalation and incident management with European regulatory context.
- Senior team of European analysts
- Dedicated cyber specialisations
- Board-ready reporting
Managed Detection & Response
Managed detection and response on endpoint, identity, cloud and network. Containment in minutes, not weeks.
- EDR · NDR · IDR · CDR
- Assisted remote response
- Proactive threat hunting
Cyber Threat Intelligence
Continuously updated profiles of 287 tools and actors active across European markets. Early-warning on emerging threats.
- Dark web monitoring 24/7
- Monthly threat actor briefing
- Reports produced by analysts
Cybersecurity Advisory
Risk assessment, NIS2/DORA posture, tabletop on real scenarios, vCISO. Strategy that becomes operational.
- NIS2 · DORA compliance
- Tabletop on real adversaries
- vCISO service
Book a meeting with our analysts.
One meeting, one NDA, one technical conversation. No funnel, no standard sales path. You'll receive the Report on your sector within 72 hours of the meeting.