FBI Warns of Kali365 Phishing Campaign Targeting Microsoft 365 Users

The Federal Bureau of Investigation has issued an urgent warning regarding a sophisticated phishing campaign dubbed Kali365. This threat specifically targets users of Microsoft 365 services, including Teams, Outlook, and OneDrive. The scheme employs a Browser-in-the-Browser tactic, utilizing deceptive login pop-ups to capture user credentials. Security experts identified that the service is being actively distributed via Telegram channels, enabling even low-skilled threat actors to launch high-impact phishing operations.

Detected first in April 2026, the Kali365 platform automates the creation of professional-looking, fake authentication interfaces. By tricking employees into inputting their corporate credentials into these fraudulent pop-ups, attackers bypass conventional security filters and gain unauthorized access to internal systems. The reliance on Telegram as a distribution medium highlights a growing trend of cybercriminals leveraging encrypted messaging platforms to lower the barrier to entry for credential theft and corporate espionage.

The FBI advisory underscores the necessity for organizations to implement multi-factor authentication and educate employees on identifying deceptive browser pop-ups. For Indian corporations increasingly relying on Microsoft 365 for daily operations, this campaign represents a significant vulnerability. Firms must monitor login logs for anomalous activity and restrict external access to internal communication tools. The persistence of such campaigns reflects the evolving ingenuity of cyber threats, requiring constant vigilance to protect sensitive corporate assets.