Skip to content

Phishing Kit Kali365 Expands Attack Surface to AWS and Okta

At a glance: Kali365 diversifies its target platforms and uses device-code phishing to compromise credentials for critical cloud services and identity platforms.

The Kali365 kit, flagged by the FBI as a phishing-as-a-service platform, is no longer targeting only Microsoft 365, but is expanding its targets to AWS, Okta, and Russian platforms. Attacks exploit device-code phishing as the attack vector.

The Kali365 phishing kit has significantly expanded its threat spectrum. Originally designed to compromise Microsoft 365 credentials, the platform now targets additional services such as Amazon Web Services (AWS), Okta, and Russian platforms.

Attackers are leveraging device-code phishing as the primary attack vector. This method bypasses many traditional security controls by operating at the device authentication level rather than requesting credentials directly. This reduces detection rates from security software and increases the likelihood of success in compromising multi-factor authentication systems.

For CISOs, the expansion of Kali365 represents an extended threat landscape: not only Microsoft 365 environments are in focus, but also cloud providers and identity platforms such as Okta, which play central roles in modern infrastructure. An attacker who gains access through these services can broaden their penetration targets significantly and facilitate lateral movement across the network.


Source: www.darkreading.com · Published 2 June 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.2.9.

Share on: