FBI Warns Microsoft Users: New Attack Gains Access To Accounts

Forbes technology

Key Points:

  • The FBI issued a warning about Kali365, a new AI-powered phishing-as-a-service platform that allows attackers to steal Microsoft 365 access tokens and bypass multi-factor authentication without intercepting user credentials.
  • Kali365 uses AI-generated phishing emails impersonating trusted cloud services to trick users into entering device codes on legitimate Microsoft verification pages, thereby sharing OAuth access codes with attackers.
  • Once attackers obtain these OAuth tokens, they can access Microsoft 365 services like Outlook, Teams, and OneDrive without needing passwords or additional MFA challenges.
  • The FBI recommends enterprise-level mitigations such as blocking device authentication and implementing conditional access policies, while advising users to be cautious of unexpected emails and avoid clicking suspicious links.
  • Device code phishing is rapidly increasing, fueled by publicly available criminal toolkits and multiple phishing-as-a-service offerings, making user vigilance and email validation critical for defense.
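
For the enterprise mitigations above, an added example (not from the FBI advisory or the article): a Python function that reviews sign-in records for successful device code sign-ins, the event a defender would hunt for before or alongside blocking the flow. The record fields follow the Microsoft Graph `signIn` resource; the sample records, the `approved_users` allowlist and the function names are assumptions.

```python
from collections import defaultdict

def make_record(time, user, protocol, ip, error=0):
    """Build one constructed record shaped like a Microsoft Graph signIn entry."""
    return {"createdDateTime": time, "userPrincipalName": user,
            "authenticationProtocol": protocol, "ipAddress": ip,
            "status": {"errorCode": error}}

# Constructed sample data (documentation IP ranges, made-up accounts).
SAMPLE_SIGNINS = [
    make_record("2025-01-06T09:02:11Z", "alice@example.com", "oAuth2", "198.51.100.10"),
    make_record("2025-01-06T09:05:40Z", "carol@example.com", "oAuth2", "198.51.100.22"),
    make_record("2025-01-06T10:15:03Z", "room1@example.com", "deviceCode", "198.51.100.30"),
    make_record("2025-01-06T11:41:27Z", "alice@example.com", "deviceCode", "203.0.113.77"),
    make_record("2025-01-06T12:00:00Z", "carol@example.com", "deviceCode", "198.51.100.22", error=1),
    make_record("2025-01-06T12:03:19Z", "carol@example.com", "deviceCode", "198.51.100.22"),
]

def flag_device_code_signins(signins, approved_users=frozenset()):
    """Return successful device code sign-ins by users not on the allowlist.

    approved_users (assumption): lowercase accounts that legitimately use the
    flow, e.g. shared meeting-room devices. Each hit carries 'new_ip', True
    when the address was not seen in that user's earlier successful sign-ins.
    """
    seen_ips = defaultdict(set)
    hits = []
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for entry in sorted(signins, key=lambda r: r["createdDateTime"]):
        user = entry["userPrincipalName"].lower()
        succeeded = entry["status"]["errorCode"] == 0
        if not succeeded:
            continue  # failed attempts issue no token; skip them here
        if entry["authenticationProtocol"] == "deviceCode" and user not in approved_users:
            hits.append({"user": user, "time": entry["createdDateTime"],
                         "ip": entry["ipAddress"],
                         "new_ip": entry["ipAddress"] not in seen_ips[user]})
        seen_ips[user].add(entry["ipAddress"])
    return hits

if __name__ == "__main__":
    for hit in flag_device_code_signins(SAMPLE_SIGNINS, {"room1@example.com"}):
        print(hit)
```

A hit with `new_ip` set deserves the fastest review, since the token was issued to an address the account has not used before.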
