{"id":430857,"date":"2026-06-16T11:10:56","date_gmt":"2026-06-16T05:40:56","guid":{"rendered":"https:\/\/dripp.zone\/news\/what-is-kali365-fbi-warns-telegram-based-phishing-service-targeting-microsoft-365-users-crypto-news\/"},"modified":"2026-06-16T11:27:44","modified_gmt":"2026-06-16T05:57:44","slug":"what-is-kali365-fbi-warns-telegram-based-phishing-service-targeting-microsoft-365-users-crypto-news","status":"publish","type":"post","link":"https:\/\/dripp.zone\/news\/what-is-kali365-fbi-warns-telegram-based-phishing-service-targeting-microsoft-365-users-crypto-news\/","title":{"rendered":"What is Kali365? FBI warns Telegram-based phishing service targeting Microsoft 365 users – Crypto News"},"content":{"rendered":"

<\/p>\n

\n
\n

The Federal Bureau of Investigation (FBI) has issued a public warning about a newly identified cybercrime platform called Kali365, a \u201cPhishing-as-a-Service\u201d (PhaaS) toolkit that is being used to target Microsoft 365<\/a> users by bypassing multi-factor authentication (MFA) protections.<\/p>\n<\/div>\n

\n

The platform, first detected in April 2026, is being actively distributed through Telegram channels and is designed to help even low-skilled attackers conduct sophisticated phishing campaigns.<\/p>\n<\/div>\n

\n

What is Kali365?<\/h2>\n

Kali365 is a cybercrime subscription service that allows threat actors to carry out automated phishing attacks against cloud-based accounts, particularly Microsoft 365 environments.<\/p>\n<\/div>\n

\n

According to the FBI<\/a>, the platform provides attackers with ready-made tools including:<\/p>\n<\/div>\n

\n

-AI-generated phishing emails and templates<\/p>\n<\/div>\n

\n

-Automated campaign management systems<\/p>\n<\/div>\n

\n

-Real-time victim tracking dashboards<\/p>\n<\/div>\n

\n

-OAuth token capture capabilities<\/p>\n<\/div>\n

\n

This effectively lowers the technical barrier for cybercriminals, enabling more widespread and scalable attacks.<\/p>\n<\/div>\n

\n

How the attack works<\/h2>\n

The FBI outlined a multi-stage process used by attackers leveraging Kali365:<\/p>\n<\/div>\n

\n

Victims receive emails impersonating trusted cloud services or document-sharing platforms. These emails contain a device code and instructions to visit a legitimate Microsoft login page.<\/p>\n<\/div>\n

\n

2. User authentication trick<\/p>\n<\/div>\n

\n

The victim enters the device code on the official Microsoft page, unknowingly authorizing the attacker\u2019s device.<\/p>\n<\/div>\n

\n

The system captures OAuth access and refresh tokens, giving attackers authenticated access to the victim\u2019s account.<\/p>\n<\/div>\n

\n

Attackers can then access services such as Outlook, Teams, and OneDrive without needing passwords or triggering MFA again.<\/p>\n<\/div>\n

\n

The FBI warned that this allows attackers to maintain long-term access to compromised accounts.<\/p>\n<\/div>\n

\n

Why this attack is dangerous<\/h2>\n

Unlike traditional phishing<\/a>, Kali365 exploits OAuth token-based authentication, which means:<\/p>\n<\/div>\n

\n

-Passwords are not directly stolen<\/p>\n<\/div>\n

\n

-MFA protections can be bypassed<\/p>\n<\/div>\n

\n

-Access can persist even after password changes<\/p>\n<\/div>\n

\n

This makes detection and recovery significantly more difficult for victims and IT teams.<\/p>\n<\/div>\n

\n

FBI recommendations<\/h2>\n

The FBI has urged organizations to tighten security controls around Microsoft 365 authentication systems, including:<\/p>\n<\/div>\n

\n

-Restricting or disabling device code flow authentication<\/p>\n<\/div>\n

\n

-Implementing strict conditional access policies<\/p>\n<\/div>\n

\n

-Auditing device code usage for legitimate business needs<\/p>\n<\/div>\n

\n

-Blocking authentication transfer between devices<\/p>\n<\/div>\n

\n

-Excluding emergency access accounts from restrictions to prevent lockouts<\/p>\n<\/div>\n

\n

The agency also advised organizations to proactively monitor login activity and unauthorized session creation.<\/p>\n<\/div>\n

Also Read<\/strong> | Google CEO Sundar Pichai faces student protest at Stanford ceremony<\/a><\/div>\n
\n

Reporting cyber incidents<\/h2>\n

The FBI has asked victims and organizations impacted by Kali365-related attacks to report incidents to the Internet Crime Complaint Center (IC3) at www.ic3.gov.<\/p>\n<\/div>\n

\n

-Full phishing email details (headers and content)<\/p>\n<\/div>\n

\n

-Suspicious login data (IP addresses, timestamps, locations)<\/p>\n<\/div>\n

\n

-Unauthorized device or session activity<\/p>\n<\/div>\n

\n

Growing threat of Phishing-as-a-Service<\/h2>\n

The emergence of Kali365 highlights a broader trend in cybercrime: the rise of Phishing-as-a-Service platforms, which package advanced hacking tools into easy-to-use subscription models.<\/p>\n<\/div>\n

\n

Security experts say this trend is accelerating cyberattacks globally, particularly against cloud-first workplaces that rely heavily on services like Microsoft 365.<\/p>\n<\/div>\n

\n

The FBI\u2019s warning underscores the need for stronger authentication safeguards and continuous monitoring as attackers increasingly exploit identity-based security weaknesses rather than traditional password theft.<\/p>\n<\/div>\n

Also Read<\/strong> | OpenAI, Anthropic IPO boom sparks warning from Satya Nadella over AI monopolies<\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

The Federal Bureau of Investigation (FBI) has issued a public warning about a newly identified cybercrime platform called Kali365, a \u201cPhishing-as-a-Service\u201d (PhaaS) toolkit that is being used to target Microsoft 365 users by bypassing multi-factor authentication (MFA) protections. The platform, first detected in April 2026, is being actively distributed through Telegram channels and is designed […]<\/p>\n","protected":false},"author":2,"featured_media":430866,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[47534,47535,188,183,47533,185,186,47537,47536,47527,47526,187,47528,47538,184,47531,47530,47529,189,150,182,47532,190],"class_list":["post-430857","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-ai-generated-phishing-emails","tag-automated-phishing-toolkit","tag-blockchain-tech","tag-blockchain-technology","tag-cloud-account-hacking","tag-crypto-technology","tag-cryptocurrency-technology","tag-cyber-fraud-alert","tag-device-code-phishing-attack","tag-fbi-warning","tag-kali365","tag-metaverse-technology","tag-microsoft-365-cyberattack","tag-microsoft-365-users","tag-nft-technology","tag-oauth-token-theft","tag-phaas","tag-phishing-as-a-service","tag-soul-bound-token","tag-tech","tag-technology","tag-telegram-cybercrime-platform","tag-token-technology"],"_links":{"self":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/430857","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/comments?post=430857"}],"version-history":[{"count":1,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/430857\/revisions"}],"predecessor-version":[{"id":430869,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/430857\/revisions\/430869"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/media\/430866"}],"wp:attachment":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/media?parent=430857"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/categories?post=430857"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/tags?post=430857"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}