FBI Warns of Kali365 Phishing Service Targeting Microsoft 365 Account

The FBI warns of Kali365, a Phishing-as-a-Service platform marketed on Telegram that uses device-code phishing to steal OAuth tokens from Microsoft 365 accounts, allowing attackers to bypass multi-factor authentication and hijack active sessions for Business Email Compromise and corporate data theft. Security firms observed realistic lures and recommend restricting device code flows, enforcing strict conditional access, and monitoring token and authentication activity.