The FBI has warned that Kali365 is a growing phishing-as-a-service platform that steals Microsoft 365 OAuth access tokens by abusing device code authorizations and bypassing multi-factor authentication. The tool gives attackers persistent access to accounts and can enable data theft, fraud, extortion, and ransomware activity.
Key points
- Kali365 uses device-code phishing to bypass multi-factor authentication.
- The platform tricks users into granting access through OAuth device code authorizations.
- Captured Microsoft 365 tokens can provide persistent access to victim accounts.
- The FBI says Kali365 is distributed on Telegram and lowers the barrier for attackers.
- Proofpoint and Arctic Wolf have observed rapid growth and large-scale use of these tools.
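A defender-side check for the device code abuse described above, as an added example that is not from the FBI warning or the linked article: it reviews sign-in records for device code authentications by accounts that are not expected to use that flow. The records are constructed, and the flattened field names (modelled on Entra ID sign-in logs) and the allowlist are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample sign-in records (not real data). Field names are modelled
# on Entra ID sign-in log exports and are an assumption of this example.
SAMPLE_SIGNINS = [
    {"createdDateTime": "2025-01-06T08:01:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "198.51.100.10", "authenticationProtocol": "none", "errorCode": 0},
    {"createdDateTime": "2025-01-06T09:15:00Z", "userPrincipalName": "kiosk@example.com",
     "ipAddress": "198.51.100.20", "authenticationProtocol": "deviceCode", "errorCode": 0},
    {"createdDateTime": "2025-01-07T08:03:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "198.51.100.10", "authenticationProtocol": "none", "errorCode": 0},
    {"createdDateTime": "2025-01-07T14:42:00Z", "userPrincipalName": "alice@example.com",
     "ipAddress": "203.0.113.77", "authenticationProtocol": "deviceCode", "errorCode": 0},
    {"createdDateTime": "2025-01-07T15:10:00Z", "userPrincipalName": "bob@example.com",
     "ipAddress": "198.51.100.11", "authenticationProtocol": "deviceCode", "errorCode": 50126},
]

# Hypothetical allowlist: accounts expected to use device code flow
# (for example shared sign-in on input-constrained devices).
EXPECTED_DEVICE_CODE_USERS = {"kiosk@example.com"}


def review_device_code_signins(events, allowlist=EXPECTED_DEVICE_CODE_USERS):
    """Return one finding per device-code sign-in by a non-allowlisted user."""
    seen_ips = defaultdict(set)  # user -> IPs from earlier successful sign-ins
    findings = []
    # ISO 8601 UTC timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["createdDateTime"]):
        user = ev["userPrincipalName"].lower()
        succeeded = ev["errorCode"] == 0  # 0 = success, anything else = failure
        if ev.get("authenticationProtocol") == "deviceCode" and user not in allowlist:
            new_ip = ev["ipAddress"] not in seen_ips[user]
            findings.append({
                "time": ev["createdDateTime"], "user": user, "ip": ev["ipAddress"],
                "succeeded": succeeded, "new_ip": new_ip,
                # A completed flow means tokens were issued: triage these first.
                "severity": "high" if succeeded else "low",
            })
        if succeeded:
            seen_ips[user].add(ev["ipAddress"])
    return findings


if __name__ == "__main__":
    for finding in review_device_code_signins(SAMPLE_SIGNINS):
        print(finding)
```

A high-severity finding means tokens were issued, so a password reset alone is not enough: the account's sessions and refresh tokens also need to be revoked.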
Read More: https://cyberscoop.com/fbi-phishing-kali365-microsoft365-access-tokens/