ThreatCluster

Kratos PhaaS Targets Microsoft 365 Users with Phishing Campaigns

First seen 16 Jul 2026, 09:53 UTC GbhackersCybersecuritynews 87% similarity 49

Article Content

Browse articles
ThreatCluster

Kratos, a subscription-based phishing-as-a-service platform, is actively targeting Microsoft 365 users in the US, Europe, and other regions. The attackers employ phishing tactics that utilize trusted services like Microsoft SharePoint and OneDrive to deliver links leading to credential-harvesting pages. Organizations including small businesses, law firms, and schools are at risk from these campaigns, which use believable document-sharing lures. The operation has been confirmed to have affected at least 156 sessions. No specific CVEs were mentioned, but the attack vector involves fake login pages designed to steal user credentials. The situation is ongoing, with security professionals urged to remain vigilant against these tactics.

Key Points: • Kratos PhaaS is targeting Microsoft 365 users through phishing campaigns. • The operation uses trusted services to deliver links to credential-harvesting pages. • Organizations across various sectors, including small businesses and schools, are at risk.

ThreatCluster AI

Timeline

2026-07-16
Kratos PhaaS phishing campaign reported
Reports indicate that Kratos is targeting Microsoft 365 users with phishing tactics using trusted services to steal credentials.
Gbhackers
2026-07-16
Phishing tactics detailed
The campaign employs believable document-sharing lures leading to fake login pages, affecting various organizations.
Cybersecuritynews

Community

Browse all →