The article discusses the expansion of Kali365, a phishing-as-a-service platform previously focused on Microsoft 365, which has now broadened its targeting to include AWS, Okta, and various Russian platforms like MAX Messenger. Kali365 employs device code phishing, manipulating legitimate OAuth 2.0 authorization processes to bypass multifactor authentication. This method allows attackers to gain account access without needing user credentials.
The FBI issued a warning about Kali365, highlighting its sophisticated tools that make phishing accessible even to less skilled attackers. Arctic Wolf's analysis indicates that Kali365’s operations have intensified, with a diverse range of impersonated platforms, increasing the threat to organizations globally. The report emphasizes the need for enhanced security awareness training and protective measures against such phishing techniques.
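One protective measure against device code phishing is to review sign-in logs for device code authentications that fall outside expected use. The following is an added example, not code from the article, the FBI, or Arctic Wolf; the log schema, application names, and network range are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample records (not real telemetry). Field names follow a
# simplified, assumed schema modelled on identity-provider sign-in logs.
SAMPLE_LOG = """\
{"time":"2025-01-10T09:02:11Z","user":"a.lee@example.com","protocol":"deviceCode","app":"Meeting Room Display","ip":"10.20.4.17","result":"success"}
{"time":"2025-01-10T09:14:53Z","user":"j.doe@example.com","protocol":"deviceCode","app":"Office Client","ip":"203.0.113.45","result":"success"}
{"time":"2025-01-10T09:15:02Z","user":"j.doe@example.com","protocol":"oAuth2","app":"Office Client","ip":"10.20.7.90","result":"success"}
{"time":"2025-01-10T09:31:40Z","user":"m.roy@example.com","protocol":"deviceCode","app":"Office Client","ip":"198.51.100.9","result":"failure"}
"""

# Assumption: the only application expected to use the device code flow
# (input-constrained hardware), and the organization's own address space.
APPROVED_APPS = {"Meeting Room Display"}
TRUSTED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]


def in_trusted_network(ip):
    """Return True when the address belongs to a trusted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)


def review_device_code_signins(log_text):
    """Return (severity, user, time, reasons) for suspicious device code sign-ins."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("protocol") != "deviceCode":
            continue  # only the device code flow is of interest here
        reasons = []
        if event["app"] not in APPROVED_APPS:
            reasons.append("app not approved for device code flow")
        if not in_trusted_network(event["ip"]):
            reasons.append("source IP outside trusted networks")
        if reasons:
            # A completed sign-in means tokens were issued: triage first.
            severity = "high" if event["result"] == "success" else "medium"
            findings.append((severity, event["user"], event["time"], reasons))
    return findings


if __name__ == "__main__":
    for finding in review_device_code_signins(SAMPLE_LOG):
        print(finding)
```
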