• Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Login
Join Free
Home
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Asia
Africa
Europe
Latin America
Middle East
North America
Coming Soon
Job Board
Events
Contact Awards
USMC Deception Manual
Login
Join Free
Home Global Operations

New Phishing Tool Lets Hackers Access Microsoft Accounts, FBI Says

  • SOFX Staff Writer
  • May 29, 2026
(Credit: Erman Gunes / Shutterstock.com)
Share on FacebookShare on TwitterLinkedIn

The FBI is warning about a new phishing platform that allows cybercriminals to hijack Microsoft 365 accounts and bypass multi-factor authentication protections.

In a public safety announcement issued May 21, the FBI said the phishing-as-a-service platform known as Kali365 is being used to steal Microsoft 365 access tokens, giving attackers access to services such as Outlook, Teams and OneDrive without needing victims’ passwords.

The FBI said the tool was first observed in April and has primarily been distributed through Telegram, where it is reportedly offered for as little as $250 per month.

According to the FBI, victims receive phishing emails posing as SharePoint, OneDrive or Microsoft Teams notifications that direct them to Microsoft’s legitimate device login page and instruct them to enter a temporary authentication code.

Once the victim completes the process and passes multi-factor authentication checks, Microsoft issues OAuth access and refresh tokens directly to the attackers, allowing them to access Outlook inboxes, Teams accounts and cloud-stored files without needing the victim’s password.

Once the tokens are compromised, attackers can continue accessing Microsoft services without repeatedly logging in as long as the token remains active.

Matt Burk, chief information security officer at Bespoke Concierge MD, told the New York Post that nearly anyone using Microsoft 365 could be vulnerable to the attacks.

“I absolutely hate to generalize, but everyone from a small mom-and-pop business to a large Fortune 500 company,” he said. “Everybody should be concerned with this exploit.”

Burk advised organizations to use third-party Security Information and Event Management systems to detect suspicious authentication activity linked to token theft. “Using these tools can detect access like the Kali365 exploit and with the correct security features can automatically shut down the connection,” he said.

To protect against the attack, the FBI said organizations should create a conditional access policy to block device code flow for all users, with limited exceptions for required business processes.

It also advised auditing existing device code flow usage to identify legitimate dependencies before implementing such a policy.

The bureau also recommended blocking authentication transfer policies to prevent users from transferring authentication from computers to mobile devices. If device code flow cannot be fully restricted, the FBI said emergency access accounts should be excluded to prevent lockouts.

The FBI urged users to report suspicious login attempts, phishing emails, unauthorized devices or active sessions added to accounts to the Internet Crime Complaint Center.

Meanwhile, Microsoft said it is “actively working to disrupt the cybercriminal ecosystems behind phishing-as-a-service and account takeover activity to protect our customers.”

SOFX Staff Writer

SOFX Staff Writer

The Editor Staff at SOFX comprises a diverse, global team of dedicated staff writers and skilled freelancers. Together, they form the backbone of our reporting and content creation.

Subscribe
Login
Notify of
guest
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
ADVERTISEMENT

Trending News

Army’s $469M Texas Munitions Plant Fails to Deliver a Single Shell Component

Army’s $469M Texas Munitions Plant Fails to Deliver a Single Shell Component

by SOFX Staff Writer
July 15, 2026
1

A contractor-operated plant in Mesquite, Texas, built to produce 30,000 155mm projectile components per month, has not delivered a single...

Pentagon Releases Fourth UAP Tranche, Including Space Shuttle Columbia Photographs

Pentagon Releases Fourth UAP Tranche, Including Space Shuttle Columbia Photographs

by SOFX Staff Writer
July 10, 2026
0

The Department of War released 40 previously classified files related to unidentified anomalous phenomena on Friday, adding photographs from a...

Viral Video Shows a Russian Gunner Flung From a Runaway Machine Gun

Viral Video Shows a Russian Gunner Flung From a Runaway Machine Gun

by SOFX Staff Writer
July 15, 2026
1

A viral video shows a Russian soldier thrown from a YakB-12.7 rotary machine gun during a training exercise after the...

Hegseth Orders Testosterone Screening for U.S. Troops

Hegseth Orders Testosterone Screening for U.S. Troops

by SOFX Staff Writer
July 16, 2026
4

War Secretary Pete Hegseth announced Wednesday that the U.S. military will begin annually screening service members aged 30 and older...

ADVERTISEMENT
ADVERTISEMENT
Next Post
Adversaries Tracked U.S. Troops in Active War Zones Through Phone Ad Data, CENTCOM Says

Adversaries Tracked U.S. Troops in Active War Zones Through Phone Ad Data, CENTCOM Says

Russia Signs Military Partnership Deal With Taliban

Russia Signs Military Partnership Deal With Taliban

997 Morrison Dr. Suite 200, Charleston, SC 29403

News

  • Global Operations
  • Special Interest
  • Industry
  • Global Operations
  • Special Interest
  • Industry

Resources

  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
  • About Us
  • Contact Us
  • Advertise with Us
  • Editorial Policy
  • Privacy Policy
No Result
View All Result
  • Home
  • News
    • Global Operations
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
    • Industry
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
    • Special Interest
      • Asia
      • Africa
      • Europe
      • Latin America
      • Middle East
      • North America
      • Oceana
  • Market
    • Wired to Win
    • SOFX.NET
  • Intelligence
    • USMC Deception Manual
  • Resources
    • Contact Us
    • About Us
    • Editorial Policy
    • Privacy Policy
Subscribe
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.

Log in to your account

Lost your password?
wpDiscuz