{"id":260072,"date":"2026-05-26T11:37:00","date_gmt":"2026-05-26T15:37:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/26\/fbi-warns-about-phaas-platform-used-to-access-microsoft-365-environments\/"},"modified":"2026-05-31T04:00:57","modified_gmt":"2026-05-31T08:00:57","slug":"fbi-warns-about-phaas-platform-used-to-access-microsoft-365-environments","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/26\/fbi-warns-about-phaas-platform-used-to-access-microsoft-365-environments\/","title":{"rendered":"FBI warns about PhaaS platform used to access Microsoft 365 environments"},"content":{"rendered":"

FBI warns about PhaaS platform used to access Microsoft 365 environments<\/a><\/p>\n

https:\/\/www.cybersecuritydive.com\/news\/fbi-warns-phishing-platform-microsoft-365\/821105\/<\/a><\/p>\n

Publish Date: 2026-05-26 11:37:00<\/a><\/p>\n

Source Domain: www.cybersecuritydive.com<\/a><\/p>\n

The FBI is warning about a phishing-as-a-service platform, called Kali365, that allows hackers to access Microsoft 365 tokens and bypass multifactor authentication without a user\u2019s credentials.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

The Kali365 platform subscription lets hackers access OAuth tokens and gain persistent access to the M365 environments of targeted organizations or individuals,\u00a0<\/span><\/span><\/span><\/span><\/span><\/span>according to an FBI advisory released Thursday.<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

The platform subscription serves as an entry point for less sophisticated attackers. The platform offers access to AI-generated phishing lures, dashboards to track targeted victims, automated templates and other benefits.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

The attacks use phishing emails that impersonate trusted cloud productivity and document sharing services, the FBI said. The emails include a device code that tells the user to visit a legitimate Microsoft verification page, on which the user pastes in the code.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

The hacker then can gain OAuth access and refresh tokens. This provides access to the Microsoft 365 account and various services, including Teams, Outlook and OneDrive.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

Arctic Wolf researchers said the Kali365 infrastructure lowers the barrier to entry for potential attackers.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

\u201cBecause it leverages legitimate Microsoft infrastructure, the activity can appear normal to the victim, which makes it harder to detect,\u201d said Steven Campbell, staff threat intelligence researcher at cybersecurity firm Arctic Wolf. \u201cIn practical terms, this means an attacker doesn\u2019t need to build sophisticated tooling themselves. They can stand up a campaign quickly and at scale.\u201d<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

The FBI warning comes about a month after a <\/span><\/span><\/span><\/span><\/span><\/span>report by Arctic Wolf<\/span><\/span><\/span><\/span><\/span><\/span><\/span><\/span> on an operation that used the Kali365 platform. Researchers said they have been tracking a widespread device code phishing campaign since early April.\u00a0<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

The campaign originated mainly from a single IP address, operated in North America and Europe, the Middle East and Africa. The campaign\u2019s…<\/span><\/span><\/span><\/span><\/span><\/span><\/p>\n

Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

FBI warns about PhaaS platform used to access Microsoft 365 environments https:\/\/www.cybersecuritydive.com\/news\/fbi-warns-phishing-platform-microsoft-365\/821105\/ Publish Date: 2026-05-26…<\/p>\n","protected":false},"author":1,"featured_media":260073,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/77cSuYhzgcWYOhoW_IX_ypXJzDT4abw9G9opztCvWTM\/g:nowe:0:0\/c:3000:1694\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0yMTM2MzQxNjc1LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[20,96,25],"class_list":["post-260072","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-artificial-intelligence","tag-hackerexploit","tag-phishing"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260072"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=260072"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260072\/revisions"}],"predecessor-version":[{"id":260074,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/260072\/revisions\/260074"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/260073"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=260072"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=260072"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=260072"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}