New attack threatens Microsoft 365 users
The FBI has discovered a new threat on the Internet, identified as Kali365, which primarily targets users of the Microsoft 365 cloud office suite. It is a phishing-as-a-service platform that is spreading among cybercriminals primarily through the popular messaging app Telegram. According to the FBI, this platform significantly lowers the entry threshold for carrying out attacks. It allows less technically savvy attackers to access artificial intelligence-generated “fishing” baits.
The attack itself is delivered to victims via email. The user first receives an email that falsely claims to be from a trusted cloud productivity service or document sharing platform. The message includes a device-specific code and instructions to visit a legitimate Microsoft verification page and enter the code.
When the recipient actually opens the real Microsoft website and types or pastes the code into it, they unknowingly share their “OAuth” access code with the attacker. The attacker can then use this information on their own computer to gain direct access to the victim’s Microsoft 365 account. The FBI warns that once the process is successfully completed, cybercriminals can freely access key services such as Outlook, Teams, and OneDrive without having to enter a password or take any additional steps for multi-factor authentication.
Proofpoint points out that this type of device phishing is currently experiencing an explosion in the cyberthreat world, with new tools emerging every week. This exponential growth directly coincides with the public disclosure of criminal tools and the emergence of numerous phishing-as-a-service offers. Most defenses against this type of threat are implemented at the enterprise level, where blocking device authentication or implementing conditional access policies can help prevent or limit these attacks.
For regular users, however, it is crucial to be aware that tokens can be stolen in this way and used on an attacker's device. Therefore, it is essential to exercise common sense. This means not following links to documents you are not expecting, being wary of any email that asks for action, and always checking the validity of the message before clicking.























