FBI warns Microsoft users over phishing kit targeting accounts

By Aurax Radio | May 28, 2026 | 2 min read

A new wave of phishing activity targeting Microsoft users has prompted warnings from cybersecurity authorities and researchers, amid concerns that attackers are using increasingly sophisticated tools to bypass multi-factor authentication and steal login credentials. The developments involve a phishing kit known as “Kali365,” which researchers say is designed to imitate legitimate Microsoft login pages and compromise accounts tied to widely used services.

Laptop showing a counterfeit Microsoft login page designed for phishing attacks.

Cybersecurity researchers say phishing pages mimicking Microsoft login portals are being used to steal user credentials.

Security alerts attributed to the FBI and independent cybersecurity researchers highlight an ongoing campaign targeting users of Microsoft Outlook, Microsoft Teams, and Microsoft OneDrive. The phishing kit, described in recent analysis by researchers at Malwarebytes, is designed to mimic Microsoft authentication pages and intercept credentials even when users have multi-factor authentication enabled. Security experts say the toolkit reflects a broader trend in cybercrime in which attackers increasingly rely on “phishing-as-a-service” models that lower the technical barrier for conducting large-scale campaigns.

The phishing activity centers on fraudulent login pages that are distributed through email messages and malicious links, often disguised as routine account alerts or document-sharing notifications. Once users enter their credentials, the information is transmitted to attackers in real time, allowing them to access accounts and potentially pivot into connected services. Researchers note that the inclusion of MFA-bypass techniques marks an evolution from earlier phishing efforts, which were often blocked by additional authentication steps.

Security analyst monitoring phishing activity on multiple computer screens in an operations center.

Analysts are tracking phishing campaigns targeting Microsoft Outlook, Teams and OneDrive users.

Microsoft services remain a frequent target for cybercriminals due to their widespread use in corporate and personal environments, making them a high-value entry point for data theft and business email compromise schemes. Security analysts have previously warned that compromised cloud accounts can lead to broader network breaches, particularly in organizations that rely heavily on integrated platforms for communication and file storage. The emergence of more adaptive phishing kits has intensified pressure on both users and providers to strengthen authentication safeguards and improve detection systems.

Authorities and researchers are urging users to scrutinize login prompts carefully, avoid entering credentials through emailed links, and rely on verified access points when signing into accounts. While investigations into the latest campaign continue, analysts say the activity underscores how phishing operations continue to evolve alongside defensive technologies, maintaining a persistent threat to widely used digital services.

Sources: Reporting and analysis from AL.com and Malwarebytes cybersecurity blog.

Page updated

Google Sites

Report abuse