FBI warns about new Kali365 Phishing platform targeting Microsoft Accounts
FBI warns about new Kali365 Phishing platform targeting Microsoft Accounts
Publish Date: 2026-05-29 02:29:00
Source Domain: www.cybersecurity-insiders.com
Cybercrime has evolved rapidly over the years, and hackers are continuously finding new ways to bypass traditional security measures. Stealing passwords, sensitive documents, and private user information has become a common activity in the digital underground. However, cybersecurity experts are now warning about a more advanced threat that allows hackers to gain access to accounts without even needing a password.
According to a recent warning issued by the Federal Bureau of Investigation (FBI), cybercriminals are using a sophisticated phishing platform known as “Kali365” to target users of Microsoft 365 services. The platform is reportedly capable of stealing authentication tokens and session credentials, enabling attackers to access Outlook emails, Microsoft Teams conversations, cloud storage files, and other sensitive organizational data.
Unlike traditional phishing attacks that trick users into revealing usernames and passwords, Kali365 focuses on exploiting authentication sessions. The phishing-as-a-service platform allows hackers to intercept security tokens generated during the login process. Once these tokens are stolen, attackers can impersonate legitimate users and gain direct access to accounts without triggering standard password-based security checks.
Security analysts believe that this technique is particularly dangerous because it can bypass multifactor authentication (MFA), which is widely considered one of the strongest protections against unauthorized account access. In many cases, users may unknowingly approve a login request or receive what appears to be a legitimate authentication message. Once the authentication process is completed, the attacker captures the session token and uses it to maintain access to the account.
The FBI has noted that the Kali365 platform has been designed to automate many stages of the phishing process. This makes it easier even for inexperienced cybercriminals with limited technical…
