The FBI is warning that a new hacking platform is allowing cybercriminals to hijack Microsoft 365 accounts — including Outlook, Teams and OneDrive — while bypassing multi-factor authentication entirely.
The bureau posted a public service announcement last week sounding the alarm about the “Phishing-as-a-Service” toolkit known as Kali365, which is being used to steal Microsoft 365 access tokens and gain entry to victim accounts without intercepting passwords.
The feds say that Kali365 makes it easy for even amateur hackers to run advanced phishing scams that used to require serious technical skills.
“Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities,” the FBI warned.
Read Full Article Here
