| The Federal Bureau of Investigation (FBI) issued this Public Service Announcement (PSA) to warn the public about an emerging Phishing-as-a-Service (PhaaS) platform called Kali365, first seen in April 2026. Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials. |
| Through the Kali365 platform subscription, cyber threat actors can capture “OAuth” tokens and gain persistent access to targeted individuals/entities’ Microsoft 365 environments. Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities. |
| This PSA contains an overview of how the scam works, tips to protect yourself, and is being provided to assist agencies, organizations, and individuals in guarding against the persistent malicious actions of cybercriminals. |