Kali365 has expanded from a Microsoft 365-focused phishing kit into a broader account-compromise platform targeting AWS, Okta, Xerox DocuShare, and major Russian services such as MAX Messenger, Mail.ru, Yandex Disk, and Odnoklassniki. By abusing device code phishing and OAuth token capture, the operators can bypass MFA and steal access tokens without ever needing a victim’s password. #Kali365 #Microsoft365 #MAXMessenger #AWS #Okta #XeroxDocuShare #Mailru #YandexDisk #Odnoklassniki
Keypoints
- Kali365 has grown into a wider credential theft platform.
- The kit now targets AWS, Okta, Xerox DocuShare, and Russian online services.
- It uses device code phishing to bypass MFA protections.
- Victims are tricked into completing authentication for the attacker.
- Researchers found 126 malicious hosts and advised security awareness training.
Read More: https://www.darkreading.com/cyber-risk/fbi-flagged-phishing-kit-kali365-expands-its-reach