FBI Warns of Kali365 Phishing Kit Targeting Microsoft 365 Users

FBI Warns of Kali365 Phishing Kit Targeting Microsoft 365 Users

First seen 22 May 2026, 11:24 UTC Digitalterminal.InCiso.Economictimes.IndiatimesProofpointGbhackersCybersecuritynews+86 89% similarity 72.5

Article Content

Browse articles
ThreatCluster

The FBI has issued a warning regarding the Kali365 phishing kit, which is actively stealing Microsoft OAuth tokens and bypassing multi-factor authentication (MFA) protocols. First identified in April 2026, Kali365 is marketed as a Phishing-as-a-Service (PhaaS) platform on Telegram, enabling less-technical attackers to execute phishing campaigns. The attack method involves sending emails that impersonate trusted cloud services, instructing victims to enter a device code on a legitimate Microsoft page, thereby granting attackers access to their accounts without needing credentials. This poses significant risks to organizations, including potential data theft and corporate espionage. The FBI has recommended creating conditional access policies and blocking authentication transfer policies to mitigate the threat. The rise of Kali365 adds to the growing concerns over phishing attacks, which 77% of organizations believe have increased in the past year.

Key Points: • Kali365 phishing kit bypasses MFA by stealing OAuth tokens from Microsoft 365 accounts. • The kit is marketed on Telegram, lowering the barrier for less-technical attackers. • The FBI recommends specific mitigation strategies for organizations to protect against these attacks.

ThreatCluster AI

Timeline

2026-04-01
Kali365 first identified
The Kali365 phishing kit was first observed in April 2026, targeting Microsoft 365 users.
The Register
2026-05-22
FBI issues public service announcement
The FBI warned the public about the dangers of the Kali365 phishing kit and its methods.
Csoonline
2026-05-22
Mitigation strategies recommended
The FBI provided guidance for IT security managers to mitigate the risks posed by Kali365.
IC3

Community

Browse all →