HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

FBI Alerts to Kali365 Phishing Service Bypassing MFA on Microsoft 365 Accounts

The FBI has flagged a new phishing‑as‑a‑service kit, Kali365, that can bypass multi‑factor authentication and hijack Microsoft 365 accounts without passwords. The service is publicly marketed, raising the risk of credential compromise for any organization that relies on Microsoft 365. TPRM teams should reassess cloud‑access controls and vendor dependencies.

LiveThreat™ Intelligence · 📅 May 23, 2026· 📰 hackread.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
4 recommended
📰
Source
hackread.com

FBI Warns of Kali365 Phishing Service Bypassing MFA on Microsoft 365 Accounts

What Happened — The FBI has issued an advisory on a new phishing‑as‑a‑service kit called Kali365 that enables threat actors to sidestep multi‑factor authentication (MFA) and hijack Microsoft 365 accounts without needing the user’s password. The service is marketed as a turnkey solution for credential‑stealing campaigns targeting enterprise SaaS environments.

Why It Matters for TPRM

  • MFA‑bypass tools dramatically increase the likelihood of credential compromise across third‑party cloud services.
  • Organizations that rely on Microsoft 365 for email, collaboration, and identity management may face data exfiltration or business‑email‑compromise (BEC) attacks.
  • The service is sold publicly, meaning any adversary with modest resources can launch attacks against your vendors or partners.

Who Is Affected — Cloud‑based SaaS providers (especially Microsoft 365), their enterprise customers, and any downstream vendors that depend on Microsoft 365 for authentication or data sharing.

Recommended Actions

  • Review all third‑party contracts that involve Microsoft 365 or other Office 365 services.
  • Enforce conditional access policies that require hardware‑based MFA and block legacy authentication.
  • Conduct phishing‑simulation training and implement real‑time MFA‑challenge monitoring.

Technical Notes — Kali365 leverages sophisticated social‑engineering templates combined with credential‑harvesting pages that mimic Microsoft login portals. It exploits MFA fatigue and token‑relay techniques to obtain valid session tokens, allowing attackers to access accounts without the password. No specific CVE is cited; the threat is operational rather than a software vulnerability. Source: HackRead

📰 Original Source
https://hackread.com/fbi-kali365-phishing-service-microsoft-365-account/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Access is where most audits get tested.

Verisq AI Trust Operations maps incidents like this to your access controls and collects the evidence continuously, keeping your SOC 2 posture defensible.

See where you'd stand with Verisq AI Trust Operations →