FBI Issues Urgent Alert Over New Phishing Service Hijacking Microsoft Accounts
By 813 Staff

Silicon Valley insiders report that the FBI has issued an urgent alert over a new phishing service hijacking Microsoft accounts, according to a BleepingComputer (@BleepinComputer) post from the last 24 hours.
Source: https://x.com/BleepinComputer/status/2058892910012010942
A Russian-speaking threat actor has branded their latest phishing kit with a logo that mimics a legitimate security vendor, and internal documents show the FBI is now warning enterprises about a surge in attacks tied to a service called Kali365. According to a post from BleepingComputer (@BleepinComputer) on May 25, the bureau issued a private industry alert this week detailing how Kali365 is specifically engineered to bypass multi-factor authentication protections on Microsoft 365 accounts. The service, which sells for roughly $200 per month on underground forums, uses adversary-in-the-middle techniques to intercept session cookies in real time, allowing attackers to log into a victim's account without ever needing their password or a one-time code.
Engineers close to the project say the FBI's alert stems from a coordinated campaign that has already compromised dozens of organizations since early April, with healthcare, finance, and energy sectors bearing the brunt. The perpetrators are not just stealing login credentials—they are harvesting entire mailbox contents and setting up email forwarding rules to maintain persistent access. One internal memo from a major cybersecurity firm, reviewed by this publication, describes Kali365 as "a turnkey operation" that even non-technical criminals can use to launch phishing lures disguised as DocuSign requests and SharePoint notifications. The rollout has been anything but smooth for its victims: several IT administrators reported that red flags, such as unexpected conditional access policy changes, were overlooked until after data exfiltration occurred.
What makes Kali365 particularly insidious is its backend dashboard, which provides real-time logs of stolen session tokens and offers "account health" monitoring so that attackers know exactly when a target changes their password. The FBI alert urges companies to enforce phishing-resistant MFA methods like FIDO2 security keys and to monitor for anomalous "impossible travel" logins, though sources say many organizations are still relying on SMS-based codes that Kali365 can easily intercept.
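The "impossible travel" monitoring the alert recommends can be sketched as follows. This is an added example, not code from the FBI alert or from BleepingComputer; the record layout, the speed and distance thresholds, and the sample sign-ins are assumptions constructed for illustration, and each record is assumed to already carry a geolocated latitude and longitude.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed threshold: about airliner cruising speed
MIN_KM = 100.0   # assumed floor: ignore small geo-IP jitter within one metro area

# Constructed sign-in records: (user, ISO time, lat, lon, source IP). Not real data.
SIGNINS = [
    ("alice@example.com", "2025-01-10T09:00:00", 40.71, -74.01, "198.51.100.10"),  # New York
    ("alice@example.com", "2025-01-10T09:20:00", 52.52, 13.40, "203.0.113.77"),    # Berlin
    ("bob@example.com", "2025-01-10T08:00:00", 51.51, -0.13, "198.51.100.20"),     # London
    ("bob@example.com", "2025-01-10T18:00:00", 48.86, 2.35, "198.51.100.21"),      # Paris
    ("carol@example.com", "2025-01-10T12:00:00", 37.77, -122.42, "192.0.2.5"),     # same city,
    ("carol@example.com", "2025-01-10T12:00:00", 37.80, -122.27, "192.0.2.9"),     # same second
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in degrees."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(signins, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive sign-ins per user whose implied speed exceeds max_kmh."""
    alerts, last = [], {}
    for user, ts, lat, lon, ip in sorted(signins, key=lambda r: (r[0], r[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            p_when, p_lat, p_lon, p_ip = last[user]
            km = haversine_km(p_lat, p_lon, lat, lon)
            hours = (when - p_when).total_seconds() / 3600
            # Simultaneous sign-ins have no elapsed time: treat speed as infinite
            # and let the distance floor decide whether they are far enough apart.
            speed = km / hours if hours > 0 else float("inf")
            if km >= min_km and speed > max_kmh:
                alerts.append({"user": user, "from_ip": p_ip, "to_ip": ip,
                               "km": round(km), "at": ts})
        last[user] = (when, lat, lon, ip)
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(SIGNINS):
        print(alert)
```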
As of this morning, the Telegram channel used to distribute Kali365 is still active, and researchers tracking the group—tentatively linked to the same operators behind the 2023 Greatness phishing kit—expect an updated version to surface within weeks. The bureau has not named specific victims, but the message to enterprise security teams is blunt: assume your MFA is not enough.
