- FBI issues serious warning about Kali365 PhaaS platform.
- By sending fake emails it steals tokens and bypasses MFA.
- FBI advises monitoring, limiting device code flow.
What is Kali365: A new and serious cybersecurity warning has emerged. The FBI, the United States' investigative agency, has issued an alert about a new cybercrime platform named Kali365. It is a Phishing-as-a-Service (PhaaS) toolkit that is being used to target Microsoft 365 accounts. Most worrying, the platform can also bypass security layers such as Multi-Factor Authentication (MFA).
According to the FBI, the platform first appeared in April 2026 and is being spread through Telegram channels, which lets even attackers with little technical knowledge carry out cyber attacks on a large scale.
What is Kali365?
Kali365 is a subscription-based cybercrime service that allows hackers to run automated phishing attacks on cloud-based accounts, particularly Microsoft 365 environments.
According to the FBI, the platform provides many advanced features, such as AI-generated phishing emails and templates, an automated campaign management system, a real-time victim tracking dashboard, and the ability to steal OAuth tokens. Because of these features, cyber criminals need less technical expertise and can carry out attacks on a larger scale.
How does this attack work?
Attacks carried out through Kali365 are completed in several stages.
Fake email trap
First of all, the victim is sent an email that appears to have come from a trusted cloud service or document sharing platform. The email contains a device code and instructions to visit Microsoft’s official login page.
Confusing the user
When the user goes to Microsoft’s genuine login page and enters the device code, they unknowingly give the attacker’s device permission to access their account.
OAuth token theft
After this, the system captures the user’s OAuth access and refresh tokens. These tokens let the attacker access the account.
Long-term account control
Once they have the tokens, attackers can access services like Outlook, Teams and OneDrive. They do not need the password or MFA again for this. The FBI says that with this method attackers can maintain control over the account for a long time.
Why is this attack so dangerous?
Older phishing attacks usually try to steal passwords, but Kali365 works differently.
Because of this:
- Passwords are not directly stolen
- MFA security can be bypassed
- An attacker may still have access after the password is changed.
This is why detecting and recovering from such attacks becomes more difficult for IT teams and victims.
What precautions did the FBI recommend?
The FBI has advised organizations and companies to strengthen the security of Microsoft 365. The agency has suggested several measures:
- Limiting or turning off device code flow authentication
- Enforcing strict Conditional Access policies
- Regularly checking device code usage
- Preventing authentication transfer between different devices
- Placing emergency access accounts under special protection
Apart from this, it has also advised continuously monitoring for suspicious login activity and unusual sessions.
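To illustrate the advice to regularly check device code usage, here is an added example (not from the FBI alert or from Microsoft) that reviews an exported sign-in log for device code sign-ins. It assumes each record uses the field names `authenticationProtocol`, `userPrincipalName`, `ipAddress` and `createdDateTime`, with the value `deviceCode` marking a device code sign-in; the allowlist and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records, not real log data. Field names are an
# assumption about the sign-in log export format.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2026-05-01T07:00:00Z", "userPrincipalName": "roomdisplay@example.com",
     "ipAddress": "192.0.2.5", "authenticationProtocol": "none", "appDisplayName": "Teams"},
    {"createdDateTime": "2026-05-01T07:30:00Z", "userPrincipalName": "roomdisplay@example.com",
     "ipAddress": "192.0.2.5", "authenticationProtocol": "deviceCode", "appDisplayName": "Teams"},
    {"createdDateTime": "2026-05-01T08:00:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "198.51.100.10", "authenticationProtocol": "none", "appDisplayName": "Outlook"},
    {"createdDateTime": "2026-05-01T09:00:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.20", "authenticationProtocol": "none", "appDisplayName": "OneDrive"},
    {"createdDateTime": "2026-05-01T09:15:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode", "appDisplayName": "Outlook"},
    {"createdDateTime": "2026-05-01T10:00:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.20", "authenticationProtocol": "deviceCode", "appDisplayName": "OneDrive"},
]

# Hypothetical allowlist: accounts with a known business need for device code flow.
APPROVED_DEVICE_CODE_USERS = {"roomdisplay@example.com"}


def review_device_code_signins(signins, approved_users):
    """Return device code sign-ins that need review, each with its reasons."""
    known_ips = defaultdict(set)  # per-user baseline built from ordinary sign-ins
    findings = []
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for rec in sorted(signins, key=lambda r: r["createdDateTime"]):
        user = rec["userPrincipalName"].lower()
        ip = rec["ipAddress"]
        if rec.get("authenticationProtocol") != "deviceCode":
            known_ips[user].add(ip)
            continue
        reasons = []
        if user not in approved_users:
            reasons.append("user not approved for device code flow")
        if ip not in known_ips[user]:
            reasons.append("IP not seen in earlier sign-ins for this user")
        if reasons:
            findings.append({"user": user, "ip": ip, "time": rec["createdDateTime"],
                             "app": rec.get("appDisplayName"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_device_code_signins(SAMPLE_SIGNINS, APPROVED_DEVICE_CODE_USERS):
        print(f["time"], f["user"], f["ip"], "; ".join(f["reasons"]))
```

The unseen-IP check is a heuristic for prioritizing review, not proof of compromise; a flagged sign-in still has to be confirmed with the account owner.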
Where to report a cyber attack?
The FBI has asked that any cyber attack or suspicious activity related to Kali365 be reported to the Internet Crime Complaint Center (IC3). It is advised to include all the necessary information in the report.