European SOC 24·7·365 · Managed Detection & Response · Cyber Threat Intelligence

A cyber attack is not something. It's someone.

And someone can be known, anticipated, stopped.

Fortgale provides cyber defence for European organisations, built on two integrated capabilities: a 24·7·365 SOC/MDR staffed by senior analysts who detect and contain attacks within measurable timeframes, and proprietary Cyber Threat Intelligence that tracks the offensive groups targeting Europe.

Median containment in ~11 minutes, with our analysts in direct contact with your team.

NIS2 and DORA compliant.

24·7·365 · European SOC
~11 min · Median containment
180+ · Threat actors profiled
Certifications
ISO/IEC 27001 · ISO 9001 · ISO 14001 · ISO 45001
NIS2 ready
DORA aligned
GDPR · ENISA
Operational HQ · Milan · Via San Damiano 2
About · Since 2017

A European cyber defense outpost, built by design.

Fortgale was founded in Milan in 2017 with a precise idea: not a technology reseller, but a defense outpost operated by our analysts, agnostic to the customer's stack. The first SOC/MDR went live in 2019.

Today we protect banks, finance, manufacturing, transport, aerospace & defense. Headquartered in Milan, operating across Europe and beyond. Four operational angles — SOC, MDR, Cyber Threat Intelligence, Advisory — orchestrated by a proprietary AI-native platform.

  • 180+ threat actors profiled, active across European markets
  • ~11 min median containment from confirmed alert
  • ISO/IEC 27001 · 9001 · 14001 · 45001 · NIS2 and DORA ready
Research · proprietary intelligence

Our defence is built on proprietary intelligence.

We know the adversaries active against European markets because we study them: we profile the actors, analyse the samples, track the campaigns. From this research comes every defence we deliver to the companies that rely on us. We don't aggregate third-party feeds — we publish only what we have verified first-hand.

Defence · 15 Apr 2026

Phishing Kits Bypass MFA and Hijack companies' accounts in minutes

Intelligence · Phishing Kit · Q1 2026 · April 24, 2026 · Fortgale CTI · 14 min read · RPT-26-0424

Observation of the quarter: The 2026 phishing ecosystem has outpaced tradition…

Featured · 8 Apr 2026

Investment-Targeted Phishing: How Phishing Kit Fuels Espionage in Funding Rounds

In the high-stakes world of venture capital and corporate funding, where millions hang in the balance and sensitive financial data flows freely, a new breed of cyber threat is em…

Defence · 13 Mar 2026

Operation Storming Tide: A massive multi-stage intrusion campaign

In February 2026, the Fortgale Incident Response team investigated a multi-stage intrusion attributed to Mora_001, a Russian-origin threat actor exploiting Fortinet vulnerabiliti…

Featured · 4 Sep 2024

Behind the Wheel: Unveiling the Supercar Phishing Kit Targeting Microsoft 365

UPDATES: 27.11.2024: As mentioned by Trustwave, "Supercar Phishing Kit" has a high level of overlap with the most recent update of "Rockstar 2FA Phishing-as-a-Service" 26.09…

Featured · 18 Dec 2023

Espionage activities targeting European businesses

In the evolving landscape of cybersecurity threats, Fortgale is tracking PhishSurf Nebula, an advanced Cyber Espionage group active since 2021 and primarily targeting entities wi…

Featured · 6 Dec 2023

Nebula Broker: offensive operations made in Italy

Fortgale has been tracking an Italian threat actor, internally dubbed Nebula Broker, since March 2022. The actor uses self-made malware (BrokerLoader) to compromise Italian sy…

Who we protect · by sector

We protect organisations across 8 key sectors, each with its own adversaries.

Manufacturing
Ransomware with exfiltration, critical production downtime, integrated OT/IT.
Actors: LockBit 4.0, BlackCat, Akira, +4

Tech
Software supply chain, OAuth/SSO token abuse, privileged cloud access, source code leaks.
Actors: Scattered Spider, Lapsus$, BlackCat, +3

Banking and Finance
Advanced e-crime, banking supply chain, vishing against helpdesk and operators.
Actors: Cl0p, FIN7, Scattered Spider, +3

Insurance
Digital claim fraud, data breach, ransomware on policy and claim platforms.
Actors: Scattered Spider, BlackCat, Cl0p, +2

Aerospace and Defense
State-sponsored APTs, software supply chain, IP and classified data exfiltration.
Actors: APT28, APT29, Sandworm, +3

Aviation
DDoS on public channels, ransomware on MRO/handling, carrier supply chain.
Actors: NoName057(16), LockBit, BlackCat, +2

Heavy industry
Ransomware on continuous processes, critical OT SCADA/PLC, industrial IP exfiltration.
Actors: LockBit 4.0, BlackCat, Sandworm, +4

Maritime transport
OT on vessels and port terminals, cargo management ransomware, GPS/AIS spoofing, maritime supply chain.
Actors: NoName057(16), LockBit, RansomHub, +2
Contact · first step

Book a meeting with our analysts.

One meeting, one NDA, one technical conversation. No funnel, no standard sales path. You'll receive the Report on your sector within 72 hours of the meeting.

Response time: < 1 business day.