FBI warns of Kali OAuth stealers

Summary

The FBI has issued a warning about Kali365, a new tool that enables cybercriminals to steal Microsoft 365 access tokens and bypass MFA through OAuth token capture. This phishing-based attack directs victims to authorize attacker-controlled devices by entering attacker-supplied codes on legitimate Microsoft sign-in pages. The FBI has provided mitigation advice for IT security managers, including conditional access policies and blocking authentication transfer.

IFF Assessment

FOE

This article details a new method for cybercriminals to compromise Microsoft 365 accounts, which represents a significant threat to organizations.

Defender Context

Defenders should be aware of the Kali365 threat, which leverages OAuth token theft to bypass MFA, a common and effective security control. Implementing the FBI's recommended conditional access policies and blocking authentication transfer can help mitigate this specific attack vector.
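One way a defender can act on this warning is to hunt for the flows the technique relies on in sign-in telemetry. The script below is an added example written for this page, not code from the FBI notice or from the article it summarizes. It parses Entra ID sign-in records in JSON-lines form, keeps only successful sign-ins that completed through the device code or authentication transfer flow, and raises the severity when the token was issued from a country the user has never signed in from through a normal flow. The field names (`authenticationProtocol`, `status.errorCode`, `userPrincipalName`, `ipAddress`, `location.countryOrRegion`) follow the Microsoft Graph `signIn` resource as the author understands it and should be checked against your own export; the sample records and error code are constructed.

```python
"""Triage Entra ID sign-in records for device-code and authentication-transfer
sign-ins, the OAuth flows abused by Kali365-style token theft.

Added example. Records below are constructed, not real telemetry. Field names
follow the Microsoft Graph `signIn` resource as the author understands it
(an assumption to verify against your tenant's export).
"""
import json
from collections import defaultdict

# Flows in which the token is issued to a device the user never typed their
# password into (device code) or is handed to another device (auth transfer).
PHISHABLE_FLOWS = {"deviceCode", "authenticationTransfer"}

# Constructed sample log: one normal sign-in, two device-code sign-ins (one
# succeeded from an unfamiliar country, one never completed), one auth-transfer
# sign-in, and one malformed line to show the parser tolerates it.
# errorCode 9999 is a constructed placeholder for "flow did not complete".
SAMPLE_SIGNINS = """
{"userPrincipalName":"alice@example.com","authenticationProtocol":"oAuth2","ipAddress":"203.0.113.10","location":{"countryOrRegion":"US"},"status":{"errorCode":0},"createdDateTime":"2025-05-01T08:00:00Z"}
{"userPrincipalName":"alice@example.com","authenticationProtocol":"deviceCode","ipAddress":"198.51.100.7","location":{"countryOrRegion":"NL"},"status":{"errorCode":0},"createdDateTime":"2025-05-01T08:05:00Z"}
{"userPrincipalName":"bob@example.com","authenticationProtocol":"deviceCode","ipAddress":"203.0.113.22","location":{"countryOrRegion":"US"},"status":{"errorCode":9999},"createdDateTime":"2025-05-01T09:10:00Z"}
{"userPrincipalName":"carol@example.com","authenticationProtocol":"authenticationTransfer","ipAddress":"192.0.2.5","location":{"countryOrRegion":"US"},"status":{"errorCode":0},"createdDateTime":"2025-05-01T10:00:00Z"}
not json at all
"""


def parse_signins(text):
    """Yield one dict per JSON line; skip blank or malformed lines instead of aborting."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def _succeeded(rec):
    """A sign-in only issued a token if its status error code is 0."""
    return rec.get("status", {}).get("errorCode", -1) == 0


def build_baseline(records):
    """Map each user to the countries seen in successful sign-ins through normal flows."""
    baseline = defaultdict(set)
    for rec in records:
        if rec.get("authenticationProtocol") in PHISHABLE_FLOWS or not _succeeded(rec):
            continue
        country = rec.get("location", {}).get("countryOrRegion")
        if country:
            baseline[rec.get("userPrincipalName", "")].add(country)
    return baseline


def find_phishable_flow_signins(records, baseline_countries):
    """Return successful device-code / auth-transfer sign-ins as findings.

    Severity is "high" when the user has a normal-flow baseline and the flow
    completed from a country outside it, otherwise "medium": every such
    sign-in deserves a look, since the receiving device may be an attacker's.
    """
    findings = []
    for rec in records:
        proto = rec.get("authenticationProtocol")
        if proto not in PHISHABLE_FLOWS or not _succeeded(rec):
            continue  # normal flow, or the code was never entered / expired
        upn = rec.get("userPrincipalName", "")
        country = rec.get("location", {}).get("countryOrRegion")
        known = baseline_countries.get(upn, set())
        severity = "high" if known and country not in known else "medium"
        findings.append({
            "user": upn,
            "flow": proto,
            "ip": rec.get("ipAddress"),
            "country": country,
            "severity": severity,
            "time": rec.get("createdDateTime"),
        })
    return findings


def triage(text):
    """Parse a JSON-lines sign-in export and return the findings list."""
    records = list(parse_signins(text))
    return find_phishable_flow_signins(records, build_baseline(records))


if __name__ == "__main__":
    for finding in triage(SAMPLE_SIGNINS):
        print(finding)
```

On the sample data this flags Alice's device-code sign-in from NL as high severity (her only normal sign-in is from the US) and Carol's authentication-transfer sign-in as medium, while Bob's attempt is ignored because no token was issued. For prevention rather than detection, the FBI's advice maps onto the Conditional Access authentication flows condition, which can block the device code flow and authentication transfer for users who have no business need for them; roll such a policy out in report-only mode first and exclude break-glass accounts.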
