FBI Warns of Kali365 Phishing Kit Targeting Microsoft 365 Users
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The FBI has issued a warning regarding the Kali365 phishing kit, which is actively stealing Microsoft OAuth tokens and bypassing multi-factor authentication (MFA) protocols. First identified in April 2026, Kali365 is marketed as a Phishing-as-a-Service (PhaaS) platform on Telegram, enabling less-technical attackers to execute phishing campaigns. The attack method involves sending emails that impersonate trusted cloud services, instructing victims to enter a device code on a legitimate Microsoft page, thereby granting attackers access to their accounts without needing credentials. This poses significant risks to organizations, including potential data theft and corporate espionage. The FBI has recommended creating conditional access policies and blocking authentication transfer policies to mitigate the threat. The rise of Kali365 adds to the growing concerns over phishing attacks, which 77% of organizations believe have increased in the past year.
Key Points: • Kali365 phishing kit bypasses MFA by stealing OAuth tokens from Microsoft 365 accounts. • The kit is marketed on Telegram, lowering the barrier for less-technical attackers. • The FBI recommends specific mitigation strategies for organizations to protect against these attacks.