logo

FBI: Kali365 Phishing Kit is Targeting Microsoft 365 Accounts

ID: a479c42d-317e-5832-b77d-2e5f3bda371e

STIX ID: report--a479c42d-317e-5832-b77d-2e5f3bda371e

Feed Name: KnowBe4 Blog

Threat Score
75/100

Date Published: 2026-06-05

Date Updated: 2026-06-06

Author: KnowBe4 Team

...
...

The FBI warns of Kali365, a phishing-as-a-service platform that uses OAuth device code flows to capture access and refresh tokens and gain persistent access to Microsoft 365 services without stealing credentials or bypassing MFA. The report describes the attack chain—phishing lure with a device code, victims entering the code on a legitimate Microsoft verification page, attackers capturing tokens—and recommends locking down device code authentication and conducting employee phishing awareness training.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.