Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Kratos PhaaS Targets Microsoft 365 Users Globally

Kratos PhaaS Targets Microsoft 365 Users Globally

Posted on July 16, 2026 By CWS

Kratos, a sophisticated phishing-as-a-service (PhaaS) platform, is increasingly targeting Microsoft 365 users across the globe. This operation effectively deceives victims by mimicking document sharing and invoice notifications, ultimately leading them to counterfeit login screens.

Widespread Impact on Organizations

The Kratos campaign poses a significant threat to a diverse array of entities, including small enterprises, legal practices, educational institutions, industrial companies, and government bodies. Once a Microsoft 365 account is compromised, attackers can access a wealth of sensitive information, such as emails, files in SharePoint and OneDrive, and financial discussions, which can be exploited for fraudulent purposes.

According to analysts from ANY.RUN, three versions of Kratos have been identified, with the latest iterations being observed over 1,600 times in sandbox environments. The Kratos service, first noted in January 2026, has been operational since September 2025, simplifying the deployment of phishing attacks through a user-friendly panel that manages domain setup, data collection, geographic targeting, and anti-bot measures.

Phishing Techniques and Delivery Methods

Kratos initiates attacks with emails that imply a document has been shared, an invoice requires attention, or a DocuSign process is pending. These emails frequently bypass corporate filters, posing a persistent threat due to their familiar appearance. The emails often redirect victims through legitimate platforms before landing them on credential-stealing sites.

SharePoint and OneDrive are commonly used pathways, though attackers also leverage services like Microsoft Forms, Canva, and Tilda to make their phishing chain appear authentic. Before displaying a fake Microsoft login page, Kratos often presents a Cloudflare Turnstile screen to deter automated defenses.

Detection and Defensive Strategies

Kratos has evolved from simple phishing tactics to more sophisticated methods that closely resemble Microsoft’s sign-in pages. Versions V1 and V2 employ distinct assets and domain connections, with specific file pairings like barr.svg and lg.svg serving as reliable indicators for threat detection efforts.

Security teams are advised to analyze asset requests, page behaviors, and credential collection methods rather than relying on isolated signals, as domain rotation is a common evasion tactic among attackers. While blocking attacker-controlled domains is essential, reviewing shared domains is crucial to avoid disrupting legitimate services.

In cases of credential harvesting, immediate password resets and multifactor authentication checks are necessary. For advanced threats like attacker-in-the-middle phishing, revoking active sessions, refreshing tokens, and investigating suspicious sign-ins are recommended actions to secure affected accounts.

To bolster security operations, integrating advanced threat detection tools like ANY.RUN with existing systems can enhance rapid investigations and improve response times.

Cyber Security News Tags:cloud security, credential theft, cyber attack, Cybersecurity, email phishing, Kratos PhaaS, Microsoft 365, phishing attack, secure file sharing, threat detection

Post navigation

Previous Post: Oak Secures $60 Million for AI Identity System

Related Posts

Cloudflare Accuses Perplexity AI For Evading Firewalls and Crawling Websites by Changing User Agent Cloudflare Accuses Perplexity AI For Evading Firewalls and Crawling Websites by Changing User Agent Cyber Security News
Critical Fortinet FortiWeb Vulnerability Exploited in the Wild to Create Admin Accounts Critical Fortinet FortiWeb Vulnerability Exploited in the Wild to Create Admin Accounts Cyber Security News
New ‘Sindoor Dropper’ Malware Targets Linux Systems with Weaponized .desktop Files New ‘Sindoor Dropper’ Malware Targets Linux Systems with Weaponized .desktop Files Cyber Security News
Chinese Hackers Use AI Tools in Sophisticated Cyberattacks Chinese Hackers Use AI Tools in Sophisticated Cyberattacks Cyber Security News
Critical Instagram AI Flaw Exposed by Researchers Critical Instagram AI Flaw Exposed by Researchers Cyber Security News
Weaver E-cology RCE Flaw Under Active Exploitation Weaver E-cology RCE Flaw Under Active Exploitation Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Kratos PhaaS Targets Microsoft 365 Users Globally
  • Oak Secures $60 Million for AI Identity System
  • Shark Vacuum Vulnerability Risks Remote Control
  • OpenAI Unveils GPT-Red for Enhanced AI Security
  • Critical Vulnerabilities Patched by Splunk and Zoom

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Kratos PhaaS Targets Microsoft 365 Users Globally
  • Oak Secures $60 Million for AI Identity System
  • Shark Vacuum Vulnerability Risks Remote Control
  • OpenAI Unveils GPT-Red for Enhanced AI Security
  • Critical Vulnerabilities Patched by Splunk and Zoom

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark