FBI-Flagged Phishing Kit Kali365 Expands Beyond Microsoft 365

Kali365, a phishing service bypassing MFA, now targets AWS and Russian platforms, posing a growing cybersecurity threat.

By Content Team

Jun 3, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Kali365, a phishing-as-a-service platform the FBI warned about last month, has grown far more dangerous. Originally built to bypass MFA on Microsoft 365 accounts, it now targets AWS, Okta, Xerox DocuShare, and a range of Russian platforms — including MAX Messenger, a Kremlin-backed messaging app with over 80 million users.

Arctic Wolf researchers mapped 126 active malicious hosts operating between early and late May, all running the same kit. Kali365 exploits device code phishing, tricking victims into completing authentication on the attacker's behalf — making MFA useless. At least 14 similar kits are now circulating, and the threat is accelerating.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Cybercriminals Use LiveChat Platform for Real-Time Phishing Scams

Mar 17, 2026

How Coupang's Data Breach Became a US-South Korea Diplomatic Crisis

Apr 26, 2026

Critical Google Looker Flaws Let Attackers Access Multiple Companies' Data

Feb 6, 2026

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Mar 20, 2026