The Federal Bureau of Investigation (FBI) recently issued an urgent public service announcement regarding a dangerous new threat. Specifically, federal agents are warning organizations about the rapid rise of the Kali365 phishing platform. This malicious ecosystem targets enterprise cloud environments to hijack sensitive corporate information. According to authorities, the operation has been actively spreading through popular messaging networks since April 2026. Therefore, administrators must enhance their monitoring protocols immediately to safeguard corporate accounts.
Bypassing Multi-Factor Authentication
Token Hijacking Mechanics
To begin with, this threat shifts away from traditional credential harvesting methods. Instead, the software focuses entirely on stealing session authorizations. The official advisory warns that the threat platform is “enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication protocols without intercepting the user’s credentials”. Consequently, typical defensive layers fail to stop the intrusion.
Lowering Attack Barriers
Furthermore, the underground service significantly reduces the technical requirements for novice cybercriminals. The platform operates on a subscription model via Telegram channels. Specifically, the FBI alert notes that “Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities”. Thus, almost anyone can launch an advanced campaign.
How the Scam Operates
The Deceptive Device Code Lure
In a typical attack scenario, the threat actor initiates contact via email. The attacker sends a malicious message impersonating trusted cloud productivity or document-sharing applications. Moreover, the message provides a specific device code. It instructs the victim to enter this code on a legitimate Microsoft verification web page.
Persistent Access Risks
Consequently, if the victim enters the code, the Kali365 phishing platform captures the resulting session token. The attackers then secure permanent entry to the compromised environment. To mitigate this risk, the FBI recommends filing immediate reports with the Internet Crime Complaint Center if any suspicious logins occur.
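One way to monitor for the device code flow described above, as an added example that is not taken from the FBI advisory or any vendor tool: it flags successful device code sign-ins by accounts that are not expected to use that flow and lists other IP addresses seen for the same account shortly afterwards. The field names follow the Microsoft Graph signIn resource; the sample records, the allowlist and the one-hour window are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: JSON lines shaped like exported Entra ID sign-in records.
# All values are invented; a non-zero status.errorCode means the sign-in did not succeed.
SAMPLE_LOG = """\
{"createdDateTime":"2026-05-02T09:14:07Z","userPrincipalName":"a.lee@example.com","ipAddress":"198.51.100.23","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-05-02T09:20:41Z","userPrincipalName":"a.lee@example.com","ipAddress":"203.0.113.77","authenticationProtocol":"none","status":{"errorCode":0}}
{"createdDateTime":"2026-05-02T09:31:00Z","userPrincipalName":"room-kiosk@example.com","ipAddress":"198.51.100.40","authenticationProtocol":"deviceCode","status":{"errorCode":0}}
{"createdDateTime":"2026-05-02T10:02:15Z","userPrincipalName":"b.cho@example.com","ipAddress":"198.51.100.31","authenticationProtocol":"deviceCode","status":{"errorCode":1}}
not-json garbage line
"""

# Assumption: accounts that legitimately use device code sign-in (input-limited devices).
EXPECTED_USERS = {"room-kiosk@example.com"}

def flag_device_code_signins(log_text, expected_users=EXPECTED_USERS, window=timedelta(hours=1)):
    """Return successful device code sign-ins by accounts not on the allowlist."""
    records = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            rec["_t"] = datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        except (ValueError, KeyError, TypeError):
            continue  # skip blank, malformed or timestamp-less lines
        records.append(rec)
    findings = []
    for rec in records:
        user = (rec.get("userPrincipalName") or "").lower()
        if rec.get("authenticationProtocol") != "deviceCode":
            continue
        if (rec.get("status") or {}).get("errorCode") != 0:
            continue  # code was never redeemed successfully
        if user in expected_users:
            continue
        # Other source IPs for the same account inside the window: worth a closer look.
        later_ips = sorted({r["ipAddress"] for r in records
                            if (r.get("userPrincipalName") or "").lower() == user
                            and rec["_t"] < r["_t"] <= rec["_t"] + window
                            and r.get("ipAddress") and r["ipAddress"] != rec.get("ipAddress")})
        findings.append({"time": rec["createdDateTime"], "user": user,
                         "ip": rec.get("ipAddress"), "follow_on_ips": later_ips})
    return findings

if __name__ == "__main__":
    for finding in flag_device_code_signins(SAMPLE_LOG):
        print(finding)
```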