Inside Kali365, a Device Code Phishing Ecosystem | Huntress
ID: e1347dd0-0c8e-539f-b6bb-8d9f11e3d99b
STIX ID: report--e1347dd0-0c8e-539f-b6bb-8d9f11e3d99b
Feed Name: Huntress Blog
Huntress Labs analysis reveals a mature phishing-as-a-service platform (Kali365/Octopi365) that employs Microsoft device code flow and AiTM proxies to capture M365 tokens, maintain persistent mailbox/admin access (even with MFA or password changes), and provide operators with a full ecosystem—panel variants, token vaults, AI-assisted BEC tooling, a domain marketplace, and Electron desktop apps to create real browser sessions and mass-phish from compromised accounts; the report includes IoCs, hunting rules, and detection guidance.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
