FBI warns of Kali365 phishing service targeting Microsoft 365 accounts
Summary
The FBI has issued a warning about Kali365, a phishing-as-a-service platform designed to compromise Microsoft 365 accounts. Kali365 leverages OAuth device code authentication to steal session tokens and circumvent multi-factor authentication.
IFF Assessment
FOE
This service poses a significant threat to defenders by enabling the compromise of user accounts and the bypass of MFA, a critical security control.
Defender Context
Defenders should be aware of the Kali365 PhaaS and the tactics it employs, particularly the abuse of OAuth device code authentication. That abuse highlights the need for robust monitoring of OAuth applications and token usage within Microsoft 365 environments, and for educating users about sophisticated phishing campaigns.
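One way to start the monitoring described above is to flag successful device code sign-ins from accounts that are not expected to use that flow. This is an added example, not part of the original report: the records are constructed, the field names are hypothetical normalized names, and the `deviceCode` protocol value is an assumption to check against your own sign-in log export.

```python
from datetime import datetime

DEVICE_CODE = "deviceCode"  # assumed protocol value for device code flow sign-ins

# Constructed sample sign-ins; field names are hypothetical, error 0 = success.
SAMPLE_SIGNINS = [
    {"time": "2025-01-10T08:00:00Z", "user": "alice@example.com",
     "protocol": "none", "country": "US", "error": 0},
    {"time": "2025-01-10T09:05:00Z", "user": "alice@example.com",
     "protocol": DEVICE_CODE, "country": "NL", "error": 0},
    {"time": "2025-01-10T09:30:00Z", "user": "room-display@example.com",
     "protocol": DEVICE_CODE, "country": "US", "error": 0},
    {"time": "2025-01-10T10:00:00Z", "user": "bob@example.com",
     "protocol": DEVICE_CODE, "country": "US", "error": 1},
    {"time": "2025-01-10T07:00:00Z", "user": "carol@example.com",
     "protocol": "none", "country": "DE", "error": 0},
    {"time": "2025-01-10T11:00:00Z", "user": "carol@example.com",
     "protocol": DEVICE_CODE, "country": "DE", "error": 0},
]

def _ts(value):
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def flag_device_code_signins(records, expected_users=frozenset()):
    """Return findings for successful device code sign-ins by unexpected users.

    expected_users holds lowercase accounts that legitimately use the flow
    (for example shared displays). Severity is "high" when the country was
    not seen in that user's earlier successful sign-ins, else "medium".
    """
    seen_countries = {}  # user -> countries from earlier successful sign-ins
    findings = []
    for rec in sorted(records, key=lambda r: _ts(r["time"])):
        if rec["error"] != 0:
            continue  # a failed sign-in issues no token
        user = rec["user"].lower()
        known = seen_countries.setdefault(user, set())
        if rec["protocol"] == DEVICE_CODE and user not in expected_users:
            severity = "high" if rec["country"] not in known else "medium"
            findings.append({"user": user, "time": rec["time"],
                             "country": rec["country"], "severity": severity})
        known.add(rec["country"])
    return findings

if __name__ == "__main__":
    for finding in flag_device_code_signins(SAMPLE_SIGNINS, {"room-display@example.com"}):
        print(finding)
```

A user with no earlier successful sign-ins in the data set is treated as having no known countries, so their first device code sign-in is rated "high".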