FBI Warns of New Kali365 Phishing Attack Bypassing Microsoft 365 Two-Factor Authentication

The FBI has issued a warning about a new phishing platform called Kali365 targeting Microsoft 365 accounts, which can bypass two-factor authentication (2FA). Unlike traditional phishing that steals passwords, Kali365 exploits the legitimate login process by tricking victims into approving device codes. Attackers send fake approval requests, often via convincing phishing messages, redirecting users to genuine Microsoft authentication pages. When users enter the code, they inadvertently grant attackers access tokens, allowing entry to services like Outlook, Teams, and OneDrive without needing a password.

This access exposes emails, files, chats, and sensitive business information. Attackers can impersonate account owners to commit fraud against employees, customers, and suppliers, especially in small businesses and organizations lacking strict security policies. The FBI highlights key warning signs: unexpected device code requests, urgent messages demanding immediate action, and links from unknown sources. Users who did not initiate a login on a new device should not enter codes or approve requests.

The FBI advises accessing Microsoft services only through official websites or apps, avoiding links from emails or messages. They emphasize maintaining 2FA but caution that it is not foolproof against social engineering. Microsoft supports the FBI's guidance and is actively disrupting cybercriminals using these tactics. For organizations, the FBI recommends restricting device code login usage, reviewing necessary authentication processes, and blocking mechanisms that could let attackers bypass existing security layers.