The FBI has issued a warning about Kali365, a phishing-as-a-service platform linked to the compromise of hundreds of Microsoft 365 accounts. The platform reportedly helps cybercriminals bypass multi-factor authentication (MFA) by stealing access tokens instead of login credentials.
Kali365, mainly distributed through Telegram, gives hackers ready-made phishing tools, automated attack campaigns, and real-time tracking dashboards, making advanced cyberattacks accessible even to less experienced criminals.
Attackers typically send emails posing as document-sharing or productivity services, tricking victims into entering authentication codes on legitimate Microsoft verification pages. Once the code is entered, hackers can gain access to services like Outlook, Teams, and OneDrive without needing the victim’s password.
The FBI advises users to remain cautious of unexpected emails, avoid suspicious links, and always verify requests before sharing sensitive information or logging into accounts.
