logo

Inside Kali365, a Device Code Phishing Ecosystem | Huntress

ID: e1347dd0-0c8e-539f-b6bb-8d9f11e3d99b

STIX ID: report--e1347dd0-0c8e-539f-b6bb-8d9f11e3d99b

Feed Name: Huntress Blog

Threat Score
78/100

Date Published: 2026-06-11

Date Updated: 2026-06-25

...
...

Huntress Labs analysis reveals a mature phishing-as-a-service platform (Kali365/Octopi365) that employs Microsoft device code flow and AiTM proxies to capture M365 tokens, maintain persistent mailbox/admin access (even with MFA or password changes), and provide operators with a full ecosystem—panel variants, token vaults, AI-assisted BEC tooling, a domain marketplace, and Electron desktop apps to create real browser sessions and mass-phish from compromised accounts; the report includes IoCs, hunting rules, and detection guidance.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.