Threats

FBI warns of Kali365 phishing service targeting Microsoft 365 accounts

The FBI has issued an advisory about Kali365, a phishing-as-a-service (PhaaS) operation that provides turnkey infrastructure for targeting Microsoft 365 accounts. The platform offers pre-built phishing kits, hosting, and credential-harvesting capabilities, lowering the barrier to entry for cybercriminals seeking to compromise corporate Microsoft 365 tenants. Kali365's campaigns typically use convincing login page replicas and adversary-in-the-middle techniques to bypass multi-factor authentication protections. Organizations are advised to implement phishing-resistant MFA, monitor for suspicious login patterns, and train users to recognize attempts to harvest their Microsoft 365 credentials.

Sources