FBI warns of Kali Oauth stealers
The FBI has warned of the danger from a new wave of phishing attacks generated by a tool called Kali365. It enables cyber criminals to obtain Microsoft 365 access tokens and bypass multi-factor authentication (MFA) protocols without intercepting the user’s credentials by capturing Oauth tokens linked to the victim’s Microsoft 365 account. The scam works in a similar way to most phishing attacks. An attacker sends an email purporting to be from a trusted cloud document sharing service, including instructions to enter a particular code on a legitimate Microsoft site. The code, however, authorizes the attacker’s device to access the victim’s Microsoft account. The FBI has issued a set of instructions for IT security managers to help mitigate the Kali365 attack before it affects their users. These include creating a conditional access policy to block code flow for all users, with exceptions for the necessary business processes. Managers should also block authentication transfer policies, p