Multi-factor authentication was supposed to be the control that made stolen passwords largely irrelevant. If an attacker obtains a username and password but cannot produce the second factor (the authenticator app code, the SMS message, the push notification), the credential is useless. The logic was sound, the deployment was widespread, and for years it held well enough that MFA became the single most recommended security control for protecting enterprise accounts.

Kali365 is a direct architectural response to that assumption.

The FBI’s Internet Crime Complaint Center published an advisory this week warning about a phishing-as-a-service platform specifically engineered to bypass MFA protections on Microsoft 365 accounts. The platform is not a novel concept: adversary-in-the-middle (AiTM) phishing frameworks have existed in various forms for several years. What Kali365 represents is the industrialization of that capability: a subscription-based service available on underground cybercrime forums and Telegram channels that gives attackers with no particular technical expertise access to ready-made phishing infrastructure, automated credential capture, and real-time session hijacking capabilities that would previously have required significant skill to deploy.

The FBI does not issue IC3 public advisories about every phishing tool in circulation. The publication of a specific advisory about Kali365 reflects an assessment that the platform has reached a scale and level of use that justifies broad notification to the organizations it is actively targeting, which include businesses and institutions in education, healthcare, finance, and government across the United States.

What Kali365 Actually Does – The Technical Mechanics That Matter

Understanding why Kali365 bypasses MFA requires understanding how it actually works, because the mechanism is different from what most people assume when they hear “phishing attack.”

A conventional phishing attack captures a username and password. The user receives a convincing fake login page, enters their credentials, and those credentials are sent to the attacker. Against this kind of attack, MFA provides meaningful protection: even if the attacker has the password, they cannot authenticate without the second factor.

Kali365 uses an adversary-in-the-middle architecture that operates differently. The phishing page does not just collect credentials. It acts as a real-time proxy between the victim and the actual Microsoft 365 login system.

Here is the sequence: The victim receives a convincing phishing email (a fake voicemail notification, a document-sharing request, an account security alert) and clicks through to what appears to be a Microsoft login portal. That portal is the Kali365 infrastructure. When the victim enters their credentials, Kali365 forwards them in real time to the actual Microsoft 365 authentication system. Microsoft responds with the real MFA challenge: the push notification or the authenticator code request. The victim, believing they are logging into Microsoft, completes the MFA challenge. Microsoft issues an authenticated session token. Kali365 captures that token.

At this point, the attacker has not just a stolen password. They have a live, authenticated session token that represents a completed authentication, MFA and all. They can use that token to access the victim’s Microsoft 365 account as an authenticated user without needing to go through the authentication process again. The MFA was completed. The token is valid. The session is active.

The victim, in most cases, may not immediately notice anything wrong. They may have been redirected to the real Microsoft 365 interface after the phishing page completed its work. They have effectively authenticated twice, once for the attacker and once for themselves, without being aware that the first authentication fed a session token to a criminal’s collection panel.

This is why the FBI’s advisory emphasizes that compromised accounts are used for business email compromise schemes, financial fraud, lateral movement within organizations, and additional phishing attacks against other users. A live authenticated session provides everything an attacker needs to operate within the victim’s Microsoft 365 environment: reading emails, accessing SharePoint, monitoring Teams conversations, reaching connected enterprise services, and using the compromised account’s trusted identity to target colleagues with follow-on attacks that are difficult to distinguish from legitimate communications.

Why Microsoft 365 Is the Specific Target

The focus on Microsoft 365 is not coincidental or arbitrary. It reflects a specific assessment of where credential theft produces the highest return for the least resistance.

Microsoft 365 accounts occupy a unique position in enterprise environments. A single account credential provides access to corporate email, calendar, contacts, OneDrive file storage, SharePoint document repositories, Teams communications, and potentially dozens of connected third-party services that trust the Microsoft identity. In many organizations, the Microsoft 365 identity is the primary enterprise identity, the credential that unlocks most of what an employee does in their digital workday.

From an attacker’s perspective, a single successful Microsoft 365 account compromise provides the reconnaissance capability, the communication access, and the trust relationships needed to execute business email compromise schemes without requiring any additional intrusion capability. Once inside a legitimate email account, an attacker can monitor ongoing financial transactions, identify payment relationships, intercept communications, and inject fraudulent instructions that arrive from a trusted, authenticated email address, the most difficult category of BEC attack to detect because the sending account is not spoofed but actually compromised.

The scale of Microsoft 365 deployment (hundreds of millions of users across virtually every industry and government sector) means that a phishing-as-a-service platform targeting Microsoft 365 specifically has an enormous addressable pool of potential victims. The subscription model that Kali365 operates under means that the number of attackers able to deploy this capability is not limited by technical expertise but only by willingness to pay the subscription fee.

Security researchers have been tracking the proliferation of AiTM frameworks (Evilginx, Modlishka, Muraena, and others) for several years. Kali365 represents the continued evolution and commercialization of this attack category, with ready-made infrastructure, credential collection panels, and automated account compromise capabilities that lower the technical barrier further than earlier frameworks did.

The Sectors Under Active Targeting

The FBI’s advisory identifies four specific sectors as primary targets of Kali365 campaigns (education, healthcare, finance, and government), and the selection reflects specific characteristics of each sector’s Microsoft 365 deployment and security posture.

Education institutions have high Microsoft 365 penetration, large user populations with varying security awareness, and historically limited security investment relative to their attack surface. University email accounts provide access to research data, financial aid systems, student records, and institutional communications, all valuable to attackers pursuing financial fraud or data theft.

Healthcare organizations manage protected health information across Microsoft 365 environments and face regulatory consequences for unauthorized data access under HIPAA that create additional pressure when accounts are compromised. Healthcare has also been identified as the most expensive breach environment for fourteen consecutive years, making it a high-value target for attackers whose business model depends on the financial pressure that account compromise creates.

Financial services institutions use Microsoft 365 for communications that include sensitive transaction information, client data, and the internal communications around financial decisions that BEC attackers specifically seek. A compromised financial services email account can provide the context needed to redirect wire transfers or intercept payment authorizations in ways that are difficult to detect until the funds have moved.

Government agencies at federal, state, and local levels have significantly expanded Microsoft 365 deployments over the past several years as part of modernization programs. Government accounts provide access to communications, procurement systems, personnel records, and the administrative infrastructure of public institutions, valuable both for intelligence purposes and as entry points for broader network access.

What the FBI Is Actually Recommending, and What It Means in Practice

The FBI’s advisory concludes with a set of recommended defensive measures, and it is worth examining these specifically rather than treating them as a generic security checklist, because the recommendations directly address the specific mechanisms that Kali365 exploits.

Phishing-resistant MFA is the most critical recommendation and the one that most directly addresses the AiTM bypass mechanism. Not all MFA is equally resistant to adversary-in-the-middle attacks. SMS-based MFA, authenticator app TOTP codes, and push notification MFA are all vulnerable to the session token capture that Kali365 performs because they complete the authentication challenge regardless of whether the login portal is legitimate or an AiTM proxy.

FIDO security keys (physical hardware authenticators that implement the WebAuthn standard) are specifically resistant to AiTM attacks because the authentication cryptography is bound to the legitimate domain. A FIDO key will not authenticate against a phishing domain that is proxying the real Microsoft login. The cryptographic verification fails when the domain does not match the legitimate origin the key was registered against, which means the AiTM proxy cannot capture a valid authentication even if the victim attempts to complete the login.

Organizations that have deployed push notification or TOTP-based MFA, which represent the majority of MFA deployments, are not protected against Kali365 by their current MFA implementation. The transition to FIDO-based authentication is the specific remediation that closes the AiTM bypass mechanism.
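To make the origin-binding argument concrete, here is an added example (not code from the advisory or from Microsoft) of the relying-party checks in WebAuthn assertion verification that precede the signature check. The browser writes the page origin into clientDataJSON and the authenticator signs over it, so a proxied login from a phishing host carries the wrong origin and is rejected; the phishing origin and the challenge below are constructed placeholders.

```python
import base64
import hashlib
import json

# Legitimate relying party identity for Microsoft 365 sign-in; the phishing
# origin used in demo() is a constructed placeholder, not a real domain.
RP_ID = "login.microsoftonline.com"
EXPECTED_ORIGIN = "https://login.microsoftonline.com"


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def build_client_data(origin: str, challenge: bytes) -> bytes:
    """Model the clientDataJSON the browser builds and the authenticator signs.
    The browser, not the page, writes the origin field, so a proxy page cannot
    substitute the real Microsoft origin for its own."""
    challenge_b64 = base64.urlsafe_b64encode(challenge).rstrip(b"=").decode()
    return json.dumps({"type": "webauthn.get", "challenge": challenge_b64,
                       "origin": origin}).encode()


def verify_assertion_origin(client_data_json: bytes, authenticator_data: bytes,
                            expected_challenge: bytes) -> tuple:
    """RP-side checks from WebAuthn assertion verification that precede the
    signature check: ceremony type, challenge, origin and rpIdHash."""
    try:
        cd = json.loads(client_data_json)
    except ValueError:
        return False, "clientDataJSON is not valid JSON"
    if cd.get("type") != "webauthn.get":
        return False, "unexpected ceremony type"
    if b64url_decode(cd.get("challenge", "")) != expected_challenge:
        return False, "challenge mismatch (replayed or foreign challenge)"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch: " + repr(cd.get("origin"))
    if authenticator_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    return True, "ok"


def demo() -> dict:
    challenge = bytes(range(32))  # constructed; a real RP uses a random challenge
    # authenticatorData: rpIdHash (32 bytes) + flags byte (UP set) + 4-byte counter
    auth_data = hashlib.sha256(RP_ID.encode()).digest() + b"\x01" + b"\x00\x00\x00\x07"
    legit = build_client_data(EXPECTED_ORIGIN, challenge)
    proxied = build_client_data("https://login-m365-proxy.example", challenge)
    return {"legit": verify_assertion_origin(legit, auth_data, challenge),
            "proxied": verify_assertion_origin(proxied, auth_data, challenge)}
```

In a real deployment the browser also refuses to invoke the authenticator at all when the page origin is not within RP_ID, so the proxied assertion never reaches this verifier; the check shown is the relying party's second line of defence.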

Session monitoring and revocation addresses the persistence problem that AiTM attacks create. A captured session token remains valid until it expires or is explicitly revoked. Organizations that detect anomalous login activity (login from an unfamiliar location, unusual access patterns, multiple active sessions) need to revoke active sessions immediately rather than treating the anomaly as a monitoring alert that requires further investigation before action. The window between token capture and attacker use can be narrow, and delayed response allows attackers to establish additional persistence mechanisms that make the account difficult to fully remediate after the initial session expires.

Legacy authentication restriction addresses a bypass pathway that AiTM attacks can exploit even after session tokens are revoked. Legacy authentication protocols (IMAP, POP3, SMTP authentication, and other protocols that predate modern OAuth-based authentication) do not support MFA at all. An organization that has deployed MFA for modern authentication but left legacy authentication protocols enabled has a bypass pathway that attackers who obtain credentials through AiTM can exploit to maintain access even after the phished session is revoked.

Conditional access policy review is the defensive layer that can limit the blast radius of compromised accounts even when AiTM capture succeeds. Conditional access policies that restrict session use to known devices, corporate IP ranges, or compliant device postures mean that a captured session token cannot be used from arbitrary attacker infrastructure: the token exists, but the access policy blocks its use from locations or devices that do not meet the policy requirements. Organizations whose conditional access policies are permissive, allowing authenticated sessions from any device or location, provide no friction between token capture and attacker access.
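The session-revocation and conditional-access recommendations above both reduce to a decision over sign-in records, so here is an added example (not from the advisory or from any vendor tooling) that runs that decision over constructed records: a session created by an MFA sign-in from the corporate range that is reused minutes later from a different country on a non-compliant device is marked for immediate revocation. The corporate IP range, the 30-minute reuse window and the record fields are assumptions chosen for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed policy values: corporate egress range (TEST-NET-3 placeholder) and
# the window in which reuse of a fresh session from a new location is suspicious.
CORP_NETS = [ipaddress.ip_network("203.0.113.0/24")]
REUSE_WINDOW = timedelta(minutes=30)

# Constructed sign-in records modelled on the fields of a sign-in log: an MFA
# sign-in from the office, the same session reused minutes later from elsewhere,
# and an unrelated clean sign-in.
SIGNINS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice@example.com", "session": "S1",
     "ip": "203.0.113.10", "country": "US", "mfa": True, "compliant_device": True},
    {"ts": "2024-05-01T09:04:00", "user": "alice@example.com", "session": "S1",
     "ip": "198.51.100.77", "country": "NL", "mfa": False, "compliant_device": False},
    {"ts": "2024-05-01T09:30:00", "user": "bob@example.com", "session": "S2",
     "ip": "203.0.113.22", "country": "US", "mfa": True, "compliant_device": True},
]


def in_corp_net(ip: str) -> bool:
    return any(ipaddress.ip_address(ip) in net for net in CORP_NETS)


def sessions_to_revoke(signins: list) -> dict:
    """Return {session_id: [reasons]} for sessions that should be revoked
    immediately rather than queued for investigation."""
    verdicts = {}
    first_seen = {}
    for rec in sorted(signins, key=lambda r: r["ts"]):
        reasons = []
        # Conditional-access style check: a token presented from outside the
        # corporate range on a device that is not compliant fails policy.
        if not in_corp_net(rec["ip"]) and not rec["compliant_device"]:
            reasons.append("token used from non-corporate IP on non-compliant device")
        # Session-reuse check: the session an MFA sign-in created shows up again
        # from a different IP or country within the reuse window.
        prev = first_seen.get(rec["session"])
        if prev and prev["mfa"] and (prev["ip"] != rec["ip"] or prev["country"] != rec["country"]):
            gap = datetime.fromisoformat(rec["ts"]) - datetime.fromisoformat(prev["ts"])
            if gap <= REUSE_WINDOW:
                reasons.append(f"session reused from {rec['country']} "
                               f"{int(gap.total_seconds() // 60)} min after MFA sign-in from {prev['country']}")
        first_seen.setdefault(rec["session"], rec)
        if reasons:
            verdicts.setdefault(rec["session"], []).extend(reasons)
    return verdicts
```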

The Broader Implication: MFA Is Not the Final Answer It Was Presented As

The FBI’s Kali365 advisory arrives at a moment when the enterprise security industry is working through a difficult recalibration of where MFA fits in the defensive architecture.

The message that “MFA stops most attacks”, which was accurate for a period and which drove widespread MFA deployment across enterprise environments, is no longer the complete picture. MFA stops most credential stuffing attacks and most simple phishing attacks. It does not stop AiTM phishing frameworks that capture authenticated sessions rather than credentials. It does not stop attackers who use social engineering to manipulate users into approving MFA requests they did not initiate. It does not stop attacks that exploit legacy authentication pathways that bypass MFA entirely.

None of this means MFA is not worth deploying: it is still essential, and it does stop a large volume of attacks that would otherwise succeed. What it means is that MFA is a necessary but insufficient control for organizations whose Microsoft 365 environments are targeted by commercially available AiTM frameworks that any subscriber can deploy against their users with no particular technical skill required.

The combination of phishing-resistant FIDO authentication, robust conditional access policies, session monitoring, legacy protocol restriction, and employee education that the FBI recommends represents the layered defensive posture that the current threat environment requires, not as a future aspiration but as a present necessity for organizations operating in the sectors that Kali365 is actively targeting.

The platform is subscription-based, available on underground forums, and engineered to be used at scale by attackers who did not develop it. The organizations that assume their current MFA deployment makes them adequately protected against this category of attack are operating on an assumption that the FBI’s advisory was specifically published to correct.

Research and Intelligence Sources: FBI
