Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Kratos PhaaS Targets Microsoft 365 Users Globally

Kratos PhaaS Targets Microsoft 365 Users Globally

Posted on July 16, 2026 By CWS

Kratos, a sophisticated phishing-as-a-service (PhaaS) platform, is increasingly targeting Microsoft 365 users across the globe. This operation effectively deceives victims by mimicking document sharing and invoice notifications, ultimately leading them to counterfeit login screens.

Widespread Impact on Organizations

The Kratos campaign poses a significant threat to a diverse array of entities, including small enterprises, legal practices, educational institutions, industrial companies, and government bodies. Once a Microsoft 365 account is compromised, attackers can access a wealth of sensitive information, such as emails, files in SharePoint and OneDrive, and financial discussions, which can be exploited for fraudulent purposes.

According to analysts from ANY.RUN, three versions of Kratos have been identified, with the latest iterations being observed over 1,600 times in sandbox environments. The Kratos service, first noted in January 2026, has been operational since September 2025, simplifying the deployment of phishing attacks through a user-friendly panel that manages domain setup, data collection, geographic targeting, and anti-bot measures.

Phishing Techniques and Delivery Methods

Kratos initiates attacks with emails that imply a document has been shared, an invoice requires attention, or a DocuSign process is pending. These emails frequently bypass corporate filters, posing a persistent threat due to their familiar appearance. The emails often redirect victims through legitimate platforms before landing them on credential-stealing sites.

SharePoint and OneDrive are commonly used pathways, though attackers also leverage services like Microsoft Forms, Canva, and Tilda to make their phishing chain appear authentic. Before displaying a fake Microsoft login page, Kratos often presents a Cloudflare Turnstile screen to deter automated defenses.

Detection and Defensive Strategies

Kratos has evolved from simple phishing tactics to more sophisticated methods that closely resemble Microsoft’s sign-in pages. Versions V1 and V2 employ distinct assets and domain connections, with specific file pairings like barr.svg and lg.svg serving as reliable indicators for threat detection efforts.

Security teams are advised to analyze asset requests, page behaviors, and credential collection methods rather than relying on isolated signals, as domain rotation is a common evasion tactic among attackers. While blocking attacker-controlled domains is essential, reviewing shared domains is crucial to avoid disrupting legitimate services.

In cases of credential harvesting, immediate password resets and multifactor authentication checks are necessary. For advanced threats like attacker-in-the-middle phishing, revoking active sessions, refreshing tokens, and investigating suspicious sign-ins are recommended actions to secure affected accounts.

To bolster security operations, integrating advanced threat detection tools like ANY.RUN with existing systems can enhance rapid investigations and improve response times.

Cyber Security News Tags:cloud security, credential theft, cyber attack, Cybersecurity, email phishing, Kratos PhaaS, Microsoft 365, phishing attack, secure file sharing, threat detection

Post navigation

Previous Post: Oak Secures $60 Million for AI Identity System
Next Post: TELEPUZ Malware Expands via ClickFix, Steals Data

Related Posts

New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands New Chaosbot Leveraging CiscoVPN and Active Directory Passwords to Execute Network Commands Cyber Security News
Careto Hacker Group is Back After 10 Years of Silence with New Attack Tactics Careto Hacker Group is Back After 10 Years of Silence with New Attack Tactics Cyber Security News
Hacker Extradited to US for Stealing Over .5 Million in Tax Fraud Attacks Hacker Extradited to US for Stealing Over $2.5 Million in Tax Fraud Attacks Cyber Security News
‘The Gentlemen’ Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data ‘The Gentlemen’ Ransomware Group with Dual-Extortion Strategy Encrypts and Exfiltrates Data Cyber Security News
Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards Cyber Security News
Microsoft Authenticator to Discontinue Password Support and Cease Operations by August 2025 Microsoft Authenticator to Discontinue Password Support and Cease Operations by August 2025 Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Mac Malware Exploits Telegram Sessions for Unauthorized Access
  • UK Sentences Scattered Spider Hackers to Prison
  • TELEPUZ Malware Expands via ClickFix, Steals Data
  • Kratos PhaaS Targets Microsoft 365 Users Globally
  • Oak Secures $60 Million for AI Identity System

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Mac Malware Exploits Telegram Sessions for Unauthorized Access
  • UK Sentences Scattered Spider Hackers to Prison
  • TELEPUZ Malware Expands via ClickFix, Steals Data
  • Kratos PhaaS Targets Microsoft 365 Users Globally
  • Oak Secures $60 Million for AI Identity System

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark