FBI Warns of Kali365 Phishing Scam Bypassing MFA on Microsoft 365


The FBI warns about Kali365, a phishing-as-a-service platform that lets hackers bypass multi-factor authentication and gain ongoing access to Microsoft 365 accounts.

The Federal Bureau of Investigation has issued a public warning about a new phishing scam called Kali365 that specifically targets Microsoft 365 accounts. This malicious service allows hackers to bypass multi-factor authentication and gain persistent access to victims' emails, files, and other cloud services.

Kali365 operates as a phishing-as-a-service platform, making sophisticated attacks accessible even to less experienced cybercriminals by providing AI-generated phishing emails, pre-built attack templates, live tracking tools, and token-stealing capabilities. The FBI emphasizes that this scam poses a significant threat because it undermines one of the most effective security measures currently available: multi-factor authentication.

The attack begins with a deceptive phishing email that appears to come from a trusted cloud storage or document-sharing service. The email contains a device authentication code and instructions for the recipient to visit a legitimate Microsoft verification page and enter that code. Unsuspecting victims who follow these steps unknowingly grant the attacker permission to access their Microsoft 365 account. Once the attacker has this access, they can steal login tokens that allow them to continue accessing the account without needing the victim's password.

These stolen tokens enable the attacker to log into services like Outlook, Teams, and OneDrive repeatedly, often without triggering additional multi-factor authentication prompts. This means that even if the victim changes their password, the attacker may still have access through the stolen tokens unless they are explicitly revoked.

To defend against this threat, the FBI recommends that organizations limit or completely block the use of device authentication codes, as this feature is being exploited by attackers. Security policies should be configured to prevent device code logins for most users, with exceptions granted only when absolutely necessary. Before making changes, organizations should audit how the feature is currently being used to avoid unintended disruptions.

Additionally, the FBI advises blocking authentication transfers between computers and mobile devices to make it harder for attackers to steal access tokens. If the feature cannot be fully disabled, emergency accounts should be excluded to prevent administrators from being locked out.
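One way to run the pre-change audit described above, as an added example that is not part of the FBI warning or the original article: it tallies device code and authentication transfer sign-ins per user from exported sign-in events, then sorts users into exception candidates and one-off sign-ins to review. The event field names, the sample records, the break-glass account name and the two-event threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not real logs). Field names follow the Microsoft
# Graph signIn export; "authenticationProtocol" and its values are assumed to
# be present in the export being audited.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "dev@example.com", "appDisplayName": "Microsoft Azure CLI",
     "ipAddress": "198.51.100.10", "authenticationProtocol": "deviceCode"},
    {"userPrincipalName": "dev@example.com", "appDisplayName": "Microsoft Azure CLI",
     "ipAddress": "198.51.100.10", "authenticationProtocol": "deviceCode"},
    {"userPrincipalName": "Alice@example.com", "appDisplayName": "Microsoft Office",
     "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode"},
    {"userPrincipalName": "bob@example.com", "appDisplayName": "Outlook Mobile",
     "ipAddress": "192.0.2.5", "authenticationProtocol": "authenticationTransfer"},
    {"userPrincipalName": "carol@example.com", "appDisplayName": "Microsoft Teams",
     "ipAddress": "192.0.2.9", "authenticationProtocol": "oAuth2"},
]
FLOWS_TO_BLOCK = {"deviceCode", "authenticationTransfer"}
EMERGENCY_ACCOUNTS = {"breakglass1@example.com"}  # hypothetical break-glass account

def audit_flows(signins, flows=FLOWS_TO_BLOCK):
    """Summarise, per user, how often the flows slated for blocking were used."""
    usage = defaultdict(lambda: {"count": 0, "flows": set(), "apps": set(), "ips": set()})
    for ev in signins:
        proto = ev.get("authenticationProtocol")
        if proto not in flows:
            continue  # ordinary interactive sign-ins are out of scope
        u = usage[ev["userPrincipalName"].lower()]
        u["count"] += 1
        u["flows"].add(proto)
        u["apps"].add(ev.get("appDisplayName", "unknown"))
        u["ips"].add(ev.get("ipAddress", "unknown"))
    return dict(usage)

def plan_policy(usage, emergency=EMERGENCY_ACCOUNTS, min_events=2):
    """Sort users into exception candidates (repeated use) and one-off sign-ins to review."""
    plan = {"exclude_emergency": sorted(emergency), "exception_candidates": [], "review": []}
    for user, u in sorted(usage.items()):
        if user in emergency:
            continue  # already excluded so administrators are not locked out
        bucket = "exception_candidates" if u["count"] >= min_events else "review"
        plan[bucket].append(user)
    return plan

if __name__ == "__main__":
    usage = audit_flows(SAMPLE_SIGNINS)
    for user, u in sorted(usage.items()):
        print(user, u["count"], sorted(u["flows"]), sorted(u["apps"]), sorted(u["ips"]))
    print(plan_policy(usage))
```

Users in the review list signed in through one of these flows only once in the sample, so their sign-in time and IP address are worth checking against the phishing pattern described above before any exception is granted.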

Individuals who suspect they have been targeted by Kali365 should report the incident to the FBI's Internet Crime Complaint Center at IC3.gov, providing as much detail as possible, including the phishing email, suspicious login times and IP addresses, and any unknown devices or active sessions connected to their account. The FBI continues to monitor this threat and urges all Microsoft 365 users to remain vigilant.

Source: FOX10Phoenix
