FBI warns Microsoft 365 users about another Phishing as a Service attack – here's how to avoid it - IT Pro

The FBI has issued an urgent alert about a new, sophisticated Phishing as a Service (PaaS) kit, "Kali365," that specifically targets Microsoft 365 users. The kit is designed to steal OAuth tokens, bypassing traditional Multi-Factor Authentication (MFA) and granting threat actors persistent access to corporate accounts. It represents a significant escalation in the ongoing battle against credential theft.

Kali365 exemplifies the growing sophistication of Adversary-in-the-Middle (AiTM) phishing, in which attackers proxy legitimate login pages to intercept session cookies and OAuth tokens. Because the victim completes the MFA challenge on the proxied page, the session token is already MFA-satisfied by the time the attacker captures it. This circumvents the very protection MFA was designed to offer, leaving even well-secured organizations exposed.

The rise of readily available PaaS tools democratizes advanced attack capabilities, lowering the bar for cybercriminals and increasing the pressure on corporate security teams to adopt defenses that go beyond MFA alone: Conditional Access Policies, a Zero Trust Architecture, and robust endpoint detection and response. The immediate focus is on educating users about advanced phishing tactics and deploying solutions that continuously validate user identity and device health. Expect a renewed push from security vendors to offer advanced token protection and behavior analytics as this threat vector continues to evolve.
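As an added defender-side example (not from the article or the FBI alert), the following Python script scans constructed sign-in events for the token-replay pattern AiTM kits produce: a session whose MFA-satisfied sign-in came from one IP address, followed shortly by a non-interactive token use from a different IP. The event field names and the sample records are simplified assumptions, not a real Microsoft 365 log schema.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events. Field names are a simplified assumption
# for this example and do not mirror a real Entra ID / Microsoft 365 schema.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T09:00:00Z", "user": "alice@example.com", "session": "s-1",
     "ip": "198.51.100.10", "interactive": True, "mfa": "satisfied"},
    # Same session token used 40 s later from an unrelated IP: replay signature.
    {"time": "2024-05-01T09:00:40Z", "user": "alice@example.com", "session": "s-1",
     "ip": "203.0.113.77", "interactive": False, "mfa": "not_required"},
    {"time": "2024-05-01T10:15:00Z", "user": "bob@example.com", "session": "s-2",
     "ip": "198.51.100.22", "interactive": True, "mfa": "satisfied"},
    # Normal follow-on token use from the IP that completed MFA: no alert.
    {"time": "2024-05-01T10:45:00Z", "user": "bob@example.com", "session": "s-2",
     "ip": "198.51.100.22", "interactive": False, "mfa": "not_required"},
]

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def find_token_replay(events, window=timedelta(hours=1)):
    """Return one alert per session whose MFA-satisfied interactive sign-in
    came from one IP but a later non-interactive token use within `window`
    came from a different IP. Treat hits as triage signals: VPN or mobile
    network changes can produce the same pattern, so correlate with ASN,
    geolocation and device compliance before acting."""
    by_session = defaultdict(list)
    for e in events:
        by_session[e["session"]].append(e)
    alerts = []
    for sid, evs in by_session.items():
        evs.sort(key=lambda e: parse_time(e["time"]))
        anchors = [e for e in evs if e["interactive"] and e["mfa"] == "satisfied"]
        if not anchors:
            continue  # no MFA-satisfied sign-in to compare against
        anchor = anchors[0]
        for e in evs:
            if e is anchor or e["interactive"]:
                continue
            delta = parse_time(e["time"]) - parse_time(anchor["time"])
            if timedelta(0) <= delta <= window and e["ip"] != anchor["ip"]:
                alerts.append({"user": e["user"], "session": sid,
                               "mfa_ip": anchor["ip"], "replay_ip": e["ip"],
                               "seconds_after_mfa": int(delta.total_seconds())})
    return alerts

if __name__ == "__main__":
    for alert in find_token_replay(SAMPLE_EVENTS):
        print(json.dumps(alert))
```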