FBI Warns Kali365 Phishing Kit Is Hijacking Microsoft 365 Logins
Updated May 25, 2026
Hundreds of companies, government agencies and healthcare providers logged into what looked like an ordinary Microsoft sign-in page this spring. Within minutes, attackers were reading their email, sifting through their SharePoint files and impersonating them on Microsoft Teams. There was no password breach to clean up and no obvious sign that multi-factor authentication had failed. The intruders simply walked in with a stolen session token, courtesy of a new criminal subscription service called Kali365.
On May 21, the FBI's Internet Crime Complaint Center issued a public service announcement, numbered I-052126-PSA, warning that the kit is being used to compromise Microsoft 365 environments at scale. The bureau described Kali365 as a phishing-as-a-service platform that "lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities." Distributed quietly through Telegram channels since April, it has already spawned a wave of incidents that defenders are still untangling.
A turnkey kit for the post-password era
For years, phishing kits chased passwords. Kali365 chases something more valuable. The platform abuses Microsoft's legitimate OAuth 2.0 device authorization flow, the same mechanism that lets users sign into Microsoft 365 on a smart TV or a console. The attacker initiates the flow from their own machine, generates a short device code, and then sends a lure that asks the target to enter the code at the genuine microsoft.com/devicelogin page.
Because the page is real, browser warnings, URL filters and many anti-phishing tools see nothing wrong. Once the victim completes the sign-in and clears the multi-factor prompt, Microsoft does exactly what the protocol tells it to do: it hands an access token and a refresh token to the device that requested the code. That device, of course, belongs to the attacker.
"The stolen tokens grant access without requiring passwords or additional MFA challenges," the FBI advisory notes. Defenders cannot revoke them by resetting a password, and most user-facing security prompts are bypassed entirely because the attacker is not signing in again, only refreshing a session Microsoft already approved.
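To make the mechanism above concrete, here is a small model of the OAuth 2.0 device authorization grant (RFC 8628) written for this article; it is an added illustration, not code from Kali365, Microsoft or the FBI advisory. The server, the client ID, the verification URI and the allow-list of users permitted to use device code flow are all assumptions of the model. It demonstrates the property the whole attack rests on: tokens are issued to whoever holds the device_code, regardless of which browser typed the user_code, and it shows where a policy check that restricts device code flow to approved users (the control the advisory recommends) fits into the exchange.

```python
"""Toy model of the OAuth 2.0 device authorization grant (RFC 8628).

Added illustration for this article; not Kali365 code and not Microsoft's
implementation. Names (AuthorizationServer, "office-client", the
verification URI and the allow-list) are assumptions of the model.
"""
import secrets
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class DeviceGrant:
    device_code: str            # long secret held only by the requesting device
    user_code: str              # short code a human types into the real sign-in page
    client_id: str
    expires_at: float
    approved_user: Optional[str] = None   # set once a signed-in user enters the user_code


class AuthorizationServer:
    """Minimal device-flow server: issues code pairs, pairs them with a user, mints tokens."""

    def __init__(self, device_flow_allowed_users: set, code_lifetime: float = 900.0):
        # Models a Conditional Access rule: only these users may complete device code flow
        self.allowed_users = device_flow_allowed_users
        self.code_lifetime = code_lifetime
        self.grants = {}        # device_code -> DeviceGrant
        self.by_user_code = {}  # user_code  -> DeviceGrant

    def device_authorization(self, client_id: str) -> dict:
        """Step 1 (RFC 8628 s3.1-3.2): the requesting device asks for a code pair."""
        grant = DeviceGrant(
            device_code=secrets.token_urlsafe(32),
            user_code=f"{secrets.randbelow(10**9):09d}",
            client_id=client_id,
            expires_at=time.time() + self.code_lifetime,
        )
        self.grants[grant.device_code] = grant
        self.by_user_code[grant.user_code] = grant
        return {"device_code": grant.device_code, "user_code": grant.user_code,
                "verification_uri": "https://idp.example/devicelogin",
                "expires_in": int(self.code_lifetime)}

    def user_verification(self, user_code: str, authenticated_user: str, mfa_passed: bool) -> str:
        """Step 2: a user who is already signed in (password + MFA) in a browser enters the code.
        Policy is enforced here, before the grant is approved. Returns a status string."""
        grant = self.by_user_code.get(user_code)
        if grant is None or time.time() > grant.expires_at:
            return "invalid_or_expired_code"
        if not mfa_passed:
            return "mfa_required"
        if authenticated_user not in self.allowed_users:
            return "blocked_by_policy"   # device code flow not permitted for this user
        grant.approved_user = authenticated_user
        return "approved"

    def token(self, device_code: str) -> dict:
        """Step 3: the requesting device polls with its device_code. The tokens go to it,
        never to the browser that entered the user_code: the protocol has no way to tell
        a smart TV from any other requester."""
        grant = self.grants.get(device_code)
        if grant is None or time.time() > grant.expires_at:
            return {"error": "expired_token"}
        if grant.approved_user is None:
            return {"error": "authorization_pending"}
        return {"access_token": "at-" + secrets.token_hex(8),
                "refresh_token": "rt-" + secrets.token_hex(8),
                "subject": grant.approved_user, "client_id": grant.client_id}


def run_scenario(allowed_users: set, user: str, mfa_passed: bool = True) -> dict:
    """Drive all three steps: caller chooses who policy allows and who enters the code."""
    idp = AuthorizationServer(device_flow_allowed_users=allowed_users)
    requester = idp.device_authorization(client_id="office-client")
    status = idp.user_verification(requester["user_code"], authenticated_user=user,
                                   mfa_passed=mfa_passed)
    return {"status": status, "token": idp.token(requester["device_code"])}


if __name__ == "__main__":
    print(run_scenario({"alice@corp.example"}, "alice@corp.example"))   # tokens issued to requester
    print(run_scenario(set(), "bob@corp.example"))                      # blocked_by_policy, no token
```

The point of the allow-list check is that MFA succeeding is not the decision point: the user really did authenticate, so the only place to stop the grant is a policy that asks whether this user and app should be using device code flow at all.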
Cookie Link and the adversary in the middle
Device code phishing is only half of the Kali365 toolkit. Researchers at Arctic Wolf, who infiltrated the platform's admin panels, found a second mode called Cookie Link that uses a classic adversary-in-the-middle (AiTM) design. Victims receive what looks like a DocuSign, Adobe Acrobat Sign or SharePoint share notification, and the link routes them through attacker-controlled infrastructure that silently proxies the entire Microsoft login.
The user sees Microsoft's authentic sign-in screen, types a real password and answers a real MFA prompt. The proxy passes every keystroke to Microsoft and pipes the response back, but it also grabs the authenticated session cookie that Microsoft returns. The attacker can then replay that cookie from their own browser and step straight into the account. Anti-phishing detections that look for fake login pages or stolen credentials see a clean handshake, because the credentials never touched a fake form.
That dual capability is what has alarmed responders. The FBI advisory and follow-on reporting describe Kali365 as a one-stop platform with branded templates impersonating Adobe, DocuSign and SharePoint, support for 14 languages, a downloadable desktop client, and dashboards that track which targets opened which lure in real time.
Who is being hit
Arctic Wolf and Proofpoint have documented hundreds of Kali365-linked intrusions in April alone. Selena Larson, a senior threat researcher at Proofpoint, told reporters the campaigns are striking organizations across North America and Europe, with concentrations in education, healthcare, financial services, insurance, manufacturing and government.
The mix is not random. Those sectors share three traits that PhaaS operators love:
- Heavy reliance on Microsoft 365 for email, file sharing and identity
- Large user populations that include contractors, students or part-time staff who are difficult to train
- High-value data, from medical records and student information to wire-transfer authority
Once an account is hijacked, the playbook is familiar. Operators search for finance and HR threads, register inbox rules that hide replies, and pivot to business email compromise or extortion. Because the attacker is operating as a fully authenticated user with a valid token, internal phishing from a hijacked mailbox is easier to land than any external lure.
The PhaaS arms race after EvilProxy and Tycoon
Kali365 did not appear in a vacuum. It is the latest entry in a phishing-as-a-service market that has been industrializing since 2022, when EvilProxy popularized cookie-stealing reverse proxy attacks and showed how reliably AiTM could defeat ordinary MFA. Tycoon 2FA, which surged through 2024 and 2025, refined the model with cheaper subscriptions and aggressive evasion against Microsoft Defender. Smaller services like Caffeine and EvilTokens filled in the edges.
What sets Kali365 apart is its commercial polish. Subscriptions run from $250 for 30 days to $2,000 for a year, paid in cryptocurrency through a processor that skips identity checks. The platform offers a three-tier structure: clients who run their own campaigns, agents who resell access, and admins who maintain the code. According to The Register and BleepingComputer, Microsoft has separately observed "hundreds of compromises occurring daily" from device-code style attacks, with payloads varied enough to defeat pattern-based detection.
The economic story is grim for defenders. Each generation of kit pushes the technical bar lower while pushing detection complexity higher. A criminal with no coding skill can now buy capabilities that, three years ago, required a small development team.
What the FBI tells defenders to do
The advisory is unusually direct about controls. Rather than the generic "enable MFA" guidance that has long been standard, the FBI focuses on the specific authentication flows Kali365 exploits.
- Block or restrict device code flow using Microsoft Entra Conditional Access policies, allowing it only for the narrow set of users and apps that genuinely need it
- Audit existing device code usage in tenant logs before enforcing restrictions, so legitimate workflows are not broken
- Block authentication transfer policies that let a sign-in started on one device complete on another
- Exclude emergency access accounts from these restrictions so administrators are not locked out
- Preserve evidence of phishing emails, suspicious sign-ins and unauthorized device registrations, and report incidents to the Internet Crime Complaint Center
Beyond the FBI's list, security teams are also being urged to enforce phishing-resistant MFA such as FIDO2 hardware keys for privileged accounts, monitor for anomalous OAuth token issuance, and review the list of registered devices on every tenant. Token theft is invisible at the password layer; the signal lives in identity logs.
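Two of the checks above (auditing existing device code usage before restricting it, and looking for token or cookie reuse in identity logs rather than at the password layer) can be run over a sign-in log export. The script below is an added example written for this article, not part of the advisory or any vendor product. Field names follow the Microsoft Entra sign-in log schema (userPrincipalName, appDisplayName, authenticationProtocol, sessionId, ipAddress, createdDateTime, location); the records embedded in it are constructed for the demonstration, not real telemetry. The first function produces the per-user, per-app device code inventory the FBI suggests collecting before enforcing a Conditional Access block; the second flags the footprint of the Cookie Link AiTM mode described earlier, where a session established by the victim is presented again from a different address shortly afterwards.

```python
"""Triage of Entra ID sign-in records for the two Kali365 patterns in the article.

Added example for this article; not part of the FBI advisory or any vendor tool.
Field names follow the Entra sign-in log export; the sample records are constructed.
"""
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in export, one JSON object per line (not real telemetry).
SAMPLE_SIGNINS = """\
{"userPrincipalName":"alice@corp.example","appDisplayName":"Microsoft Office","authenticationProtocol":"none","sessionId":"s-100","ipAddress":"203.0.113.10","createdDateTime":"2026-04-14T08:02:11Z","location":{"countryOrRegion":"US"}}
{"userPrincipalName":"alice@corp.example","appDisplayName":"Microsoft Office","authenticationProtocol":"none","sessionId":"s-100","ipAddress":"198.51.100.77","createdDateTime":"2026-04-14T08:09:40Z","location":{"countryOrRegion":"NL"}}
{"userPrincipalName":"bob@corp.example","appDisplayName":"Microsoft Azure CLI","authenticationProtocol":"deviceCode","sessionId":"s-200","ipAddress":"203.0.113.22","createdDateTime":"2026-04-14T09:15:03Z","location":{"countryOrRegion":"US"}}
{"userPrincipalName":"bob@corp.example","appDisplayName":"Microsoft Azure CLI","authenticationProtocol":"deviceCode","sessionId":"s-201","ipAddress":"203.0.113.22","createdDateTime":"2026-04-15T09:20:55Z","location":{"countryOrRegion":"US"}}
{"userPrincipalName":"carol@corp.example","appDisplayName":"Microsoft Office","authenticationProtocol":"deviceCode","sessionId":"s-300","ipAddress":"192.0.2.5","createdDateTime":"2026-04-16T13:44:19Z","location":{"countryOrRegion":"RU"}}
{"userPrincipalName":"dave@corp.example","appDisplayName":"Microsoft Teams","authenticationProtocol":"none","sessionId":"s-400","ipAddress":"203.0.113.40","createdDateTime":"2026-04-16T07:00:00Z","location":{"countryOrRegion":"US"}}
{"userPrincipalName":"dave@corp.example","appDisplayName":"Microsoft Teams","authenticationProtocol":"none","sessionId":"s-400","ipAddress":"203.0.113.40","createdDateTime":"2026-04-16T15:00:00Z","location":{"countryOrRegion":"US"}}
"""


def parse_signins(text: str) -> list:
    """Parse newline-delimited JSON sign-in records and attach a parsed timestamp."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["_ts"] = datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ")
        records.append(rec)
    return records


def device_code_usage(records: list) -> dict:
    """Audit step from the advisory: which (user, app) pairs actually use device code
    flow today, and how often. This is the list to review before a Conditional
    Access policy blocks the flow, so legitimate CLI or headless sign-ins keep working."""
    usage = Counter()
    for r in records:
        if r.get("authenticationProtocol") == "deviceCode":
            usage[(r["userPrincipalName"], r["appDisplayName"])] += 1
    return dict(usage)


def session_replay_candidates(records: list, window: timedelta = timedelta(hours=1)) -> list:
    """Flag sessions presented from more than one IP address within `window`.
    A real sign-in by the victim followed minutes later by the same session from a
    different address is the footprint of AiTM cookie replay: nothing fails at the
    password or MFA layer, so this is where the signal lives."""
    by_session = defaultdict(list)
    for r in records:
        by_session[r["sessionId"]].append(r)
    alerts = []
    for sid, events in by_session.items():
        events.sort(key=lambda r: r["_ts"])
        for earlier, later in zip(events, events[1:]):
            if earlier["ipAddress"] != later["ipAddress"] and later["_ts"] - earlier["_ts"] <= window:
                alerts.append({
                    "sessionId": sid,
                    "user": earlier["userPrincipalName"],
                    "ips": [earlier["ipAddress"], later["ipAddress"]],
                    "countries": [earlier.get("location", {}).get("countryOrRegion"),
                                  later.get("location", {}).get("countryOrRegion")],
                    "gap_minutes": round((later["_ts"] - earlier["_ts"]).total_seconds() / 60, 1),
                })
    return alerts


if __name__ == "__main__":
    recs = parse_signins(SAMPLE_SIGNINS)
    for (user, app), n in sorted(device_code_usage(recs).items()):
        print(f"device code: {user:24} {app:22} {n} sign-in(s)")
    for alert in session_replay_candidates(recs):
        print("possible session replay:", alert)
```

On the constructed data the audit shows two users relying on device code flow (one of them from an unexpected country, which is worth a conversation before the block goes in), and the replay check fires once: alice's session appears from a second address in another country about seven minutes after the genuine sign-in, while dave's two same-address Teams sign-ins are left alone. In production the window, the IP comparison (ASN or country rather than raw address) and the allow-listed apps would be tuned to the tenant.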
The bigger problem the advisory hints at
The deeper message of the Kali365 warning is that cloud identity, not the endpoint, is now the front line. Microsoft 365 has become the operating system of the modern office, and the tokens that authorize it are the new crown jewels. Phishing-as-a-service operators have noticed, and they are building tools that treat MFA as a speed bump rather than a wall.
For chief information security officers, that means the next budget cycle is likely to look less like spam filtering and more like identity engineering. For everyone else who signs into a Microsoft account several times a day, it is a reminder that the most dangerous phishing link in 2026 may be the one that takes you to a page that is entirely, genuinely real.
Sources
This article was researched using the following sources to ensure accuracy and reliability:
1. Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens (FBI IC3 PSA I-052126-PSA)
2. FBI warns of Kali365 phishing service targeting Microsoft 365 accounts (BleepingComputer)
3. FBI warns of Kali365 phishing-as-a-service after April Microsoft 365 attacks (The Record)
4. FBI warns Kali365 phishing kit is stealing Microsoft OAuth tokens at scale (The Register)
5. FBI warns about fast-growing phishing kit targeting Microsoft 365 users (CyberScoop)
6. Microsoft 365 users targeted by new phishing threat that bypasses MFA (Help Net Security)