2026-05-28

Mutant Spider didn't steal a password — it called your help desk

CrowdStrike's 2026 Financial Services Threat Landscape Report names Mutant Spider as the most active threat to the sector — its primary technique is voice phishing on Microsoft Teams, convincing employees to reset their own MFA. Separately, Alibaba's Qwen3.7-Max runs agents autonomously for 35 hours and undercuts Claude Opus 4.7 by $20 per million tokens.

The most effective cyberattack on financial services in 2026 didn't use a zero-day, a stolen credential, or a phishing email. It used a phone call. CrowdStrike's 2026 Financial Services Threat Landscape Report — covering April 2025 through March 2026 — names Mutant Spider as the single most active threat to the sector, and the group's primary technique is voice phishing over Microsoft Teams, convincing employees to reset their own MFA. Meanwhile, a separate story from Alibaba made waves in the same week: Qwen3.7-Max ran autonomously for 35 straight hours on a kernel optimization task and undercuts Claude Opus 4.7 by $20 per million tokens.

What You Need to Know: Mutant Spider impersonates internal IT support on Microsoft Teams, gets employees to reset MFA, and registers attacker-controlled devices on the corporate network. The FBI's Kali365 warning shows the same problem from a different angle: a $250/month Telegram service capturing M365 OAuth tokens via the device code flow. The Verizon DBIR confirmed credential abuse fell to 13% of initial access vectors while vulnerability exploitation climbed to 31%. Separately, Alibaba's Qwen3.7-Max hit ~35 hours of continuous autonomous execution, scored 44.5 on Apex Math Reasoning (vs Claude Opus 4.6 Max's 34.5), and ships at $2.50/$7.50 per million input/output tokens, well under Claude Opus 4.7's $5/$25.

Why It Matters

  • The attack that works in 2026 doesn't look like an attack. It looks like a help desk call from a colleague. Help desk identity verification is now a security perimeter.
  • MFA doesn't protect against an attacker getting it reset. If your help desk resets MFA based on caller identity alone, the control "works exactly as designed" and that's the problem, per CrowdStrike's Adam Meyers.
  • Token theft is now a subscription product. Kali365 on Telegram runs $250–$2,000 per month, supports 14 languages, and includes AI-generated phishing lures.
  • Alibaba's Qwen3.7-Max makes the agentic-model price war explicit. The model runs 1,158 tool calls in a 35-hour autonomous engineering task and undercuts Claude Opus 4.7 by $20 per million tokens.
  • For builders, both stories point at the same structural problem: the security model assumes the attack surface is technical, and the cost model assumes the model is the differentiator. Both assumptions are wrong now.

What Actually Happened

Mutant Spider's Help Desk Playbook

CrowdStrike's 2026 report (covering April 2025 through March 2026) named Mutant Spider as the most active threat to financial services. The group operates by calling employees on Microsoft Teams, impersonating internal IT support, convincing them to reset their own credentials and MFA, and then registering attacker-controlled devices on the corporate network. Once inside, the group deploys custom post-access tools including PrionFlaire, SocksLoader, and SleepyMutagen. CrowdStrike believes the group sells that access to ransomware operators. "Who needs a zero day if all you have to do is call the help desk and say, 'I forgot my password'?" CrowdStrike SVP Adam Meyers told VentureBeat. The post-access toolset and the lateral movement from a single compromised endpoint are the structural concern: the help desk call is step one, the ransom note is step five. (VentureBeat)
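The sequence described above (help desk resets a user's MFA, then a device is registered in that user's name) leaves two entries in the Entra ID audit log, and the gap between them is short when it is Mutant Spider rather than a genuine employee. The correlation below is an added example, not CrowdStrike's or VentureBeat's code. It assumes records in the Microsoft Graph directoryAudit shape (activityDisplayName, activityDateTime, initiatedBy, targetResources); the sample records are constructed, and the two sets of activity names are assumptions to verify against the wording in your own tenant's logs.

```python
"""Flag an admin-initiated MFA reset followed shortly by a device registration
by the same user (the Mutant Spider sequence) in Entra ID audit-log records.

Added example, not code from the page's sources. Record shape follows the
Microsoft Graph directoryAudit resource; sample data is constructed.
"""
from datetime import datetime, timedelta

# Assumed Entra audit activity names; check your tenant's logs before relying on them.
MFA_RESET_ACTIVITIES = {"Admin deleted security info", "Admin registered security info"}
DEVICE_REGISTRATION_ACTIVITIES = {"Register device"}


def _audit(activity, when, actor, actor_ip, target=None):
    """Build one constructed audit record in the Graph directoryAudit shape."""
    return {
        "activityDisplayName": activity,
        "activityDateTime": when,
        "initiatedBy": {"user": {"userPrincipalName": actor, "ipAddress": actor_ip}},
        "targetResources": [{"type": "User", "userPrincipalName": target or actor}],
    }


# Constructed sample: one real hit, one stale pairing, one registration with no reset.
SAMPLE_AUDIT = [
    # Help desk resets alice's MFA at 10:00; "alice" registers a device 41 minutes later from a new IP.
    _audit("Admin deleted security info", "2026-05-22T10:00:12Z", "helpdesk1@corp.example", "198.51.100.9", "alice@corp.example"),
    _audit("Register device", "2026-05-22T10:41:30Z", "alice@corp.example", "203.0.113.54"),
    # bob: reset on the 19th, device registered three days later, outside the window.
    _audit("Admin deleted security info", "2026-05-19T09:00:00Z", "helpdesk1@corp.example", "198.51.100.9", "bob@corp.example"),
    _audit("Register device", "2026-05-22T11:00:00Z", "bob@corp.example", "198.51.100.40"),
    # carol: device registration with no preceding reset; not this pattern.
    _audit("Register device", "2026-05-22T12:00:00Z", "carol@corp.example", "198.51.100.41"),
]


def _ts(s):
    """Parse the ISO-8601 'Z' timestamps the audit log uses into aware datetimes."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def _target_upn(rec):
    """UPN of the user the admin action was performed on."""
    for t in rec.get("targetResources", []):
        if t.get("type") == "User":
            return t.get("userPrincipalName", "").lower()
    return ""


def correlate_reset_then_register(records, window=timedelta(hours=24)):
    """Return one hit per (reset, registration) pair where the registration is
    performed by the reset target and falls within `window` after the reset."""
    resets = [r for r in records if r["activityDisplayName"] in MFA_RESET_ACTIVITIES]
    regs = [r for r in records if r["activityDisplayName"] in DEVICE_REGISTRATION_ACTIVITIES]
    hits = []
    for reset in sorted(resets, key=lambda r: r["activityDateTime"]):
        upn, t0 = _target_upn(reset), _ts(reset["activityDateTime"])
        for reg in regs:
            actor = reg["initiatedBy"]["user"]["userPrincipalName"].lower()
            t1 = _ts(reg["activityDateTime"])
            if actor == upn and t0 <= t1 <= t0 + window:
                hits.append({
                    "user": upn,
                    "reset_by": reset["initiatedBy"]["user"]["userPrincipalName"],
                    "reset_at": reset["activityDateTime"],
                    "registered_at": reg["activityDateTime"],
                    "registered_from": reg["initiatedBy"]["user"]["ipAddress"],
                    "minutes_between": round((t1 - t0).total_seconds() / 60),
                })
    return hits


if __name__ == "__main__":
    for hit in correlate_reset_then_register(SAMPLE_AUDIT):
        print(hit)
```

The detection fires after the fact, so it is a backstop, not the control: the control is the help desk refusing to reset MFA until it has called the employee back on a number already on file. A useful extension is to compare `registered_from` with the IPs in the user's recent successful sign-ins and raise the severity when the registering address is new.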

The Numbers Behind the Threat

Financial services ranked as the fourth most targeted sector by Q1 2026, accounting for 12% of all observed adversary activity. Globally, financial institutions faced 43% more hands-on-keyboard intrusions in 2025 compared to two years earlier; in North America, that figure was 48%. Big game hunting operators named 423 financial services entities on dedicated leak sites during the reporting period — a 27% increase from the 334 entities named in the prior 12 months. REVENANT SPIDER, which operates the Qilin ransomware-as-a-service program, posted the most financial services victims of any e-crime adversary on its dedicated leak site. The group's financial services victim count jumped from 14 to 97 over the reporting period. (VentureBeat)

Kali365 — The $250/Month Token Stealer

The FBI published a public service announcement on May 21, 2026 warning about Kali365, a phishing-as-a-service platform sold on Telegram for as little as $250 a month. Kali365 captures Microsoft 365 OAuth tokens through the legitimate device code authentication flow: the operator requests a device code from Entra ID, delivers the short user code to the victim under a pretext, and polls the token endpoint while the victim signs in at Microsoft's device login page and satisfies MFA on their own device. MFA fires on the victim's device, not the attacker's, so the sign-in looks legitimate in the logs. The access and refresh tokens returned to the attacker grant persistent access to Outlook, Teams, and OneDrive without triggering another MFA prompt. The one constraint on the attacker is timing: a device code expires after roughly 15 minutes, so the lure has to get the victim to enter it promptly. The device code flow is not a vulnerability; it is a Microsoft-designed feature for devices that cannot support interactive login, like conference room systems and smart TVs. The problem is that default Entra ID configurations do not restrict its use, and most organizations have never audited whether any legitimate workflow actually requires it. The sign-in log records which protocol each sign-in used, and Conditional Access can block the flow for everyone except the accounts that genuinely need it. (VentureBeat)
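The audit the paragraph calls for is a query over the sign-in log, and the fix is a Conditional Access policy. The script below is an added example, not Kali365, FBI, Microsoft or VentureBeat code. It assumes sign-in records in the Microsoft Graph signIn shape (userPrincipalName, appDisplayName, authenticationProtocol, ipAddress, createdDateTime); the sample records and the allowlist are constructed, and the policy dict follows the Graph conditionalAccessPolicy shape for the authenticationFlows condition as I understand it, so verify the field names against current Microsoft documentation before posting it to your tenant.

```python
"""Audit Entra ID sign-ins for device-code-flow use, and build a Conditional Access
policy that blocks the flow for everyone except accounts known to need it.

Added example, not code from the page's sources. Sample data is constructed.
"""

# Constructed sample: a few hours of sign-in log records in the Graph signIn shape.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@corp.example", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.7",
     "createdDateTime": "2026-05-22T08:14:03Z"},
    {"userPrincipalName": "meetingroom-4b@corp.example", "appDisplayName": "Microsoft Teams Rooms",
     "authenticationProtocol": "deviceCode", "ipAddress": "198.51.100.12",
     "createdDateTime": "2026-05-22T08:20:51Z"},
    {"userPrincipalName": "bob@corp.example", "appDisplayName": "Microsoft Office",
     "authenticationProtocol": "oAuth2", "ipAddress": "198.51.100.40",
     "createdDateTime": "2026-05-22T08:22:10Z"},
    {"userPrincipalName": "alice@corp.example", "appDisplayName": "Microsoft Azure CLI",
     "authenticationProtocol": "deviceCode", "ipAddress": "203.0.113.7",
     "createdDateTime": "2026-05-22T09:02:44Z"},
]

# (upn, app) pairs whose device-code use you have actually verified; constructed here.
APPROVED_DEVICE_CODE_USE = {
    ("meetingroom-4b@corp.example", "Microsoft Teams Rooms"),
}


def audit_device_code_signins(signins, approved=APPROVED_DEVICE_CODE_USE):
    """Return device-code sign-ins not on the approved list, oldest first.

    Each returned record is either a workflow you did not know about (add it to
    the allowlist or retire it) or a token handed to someone like Kali365.
    """
    unexpected = [
        s for s in signins
        if s.get("authenticationProtocol") == "deviceCode"
        and (s["userPrincipalName"].lower(), s["appDisplayName"]) not in approved
    ]
    return sorted(unexpected, key=lambda s: s["createdDateTime"])


def summarize_by_user(unexpected):
    """Map each UPN to the set of source IPs that used the device code flow."""
    out = {}
    for s in unexpected:
        out.setdefault(s["userPrincipalName"].lower(), set()).add(s["ipAddress"])
    return out


def build_block_device_code_policy(excluded_user_ids, enforce=False):
    """Conditional Access policy that blocks the device code flow tenant-wide
    except for the user object IDs in excluded_user_ids. Starts in report-only
    mode unless enforce=True, so you can confirm nothing legitimate breaks.
    Field names follow the Graph conditionalAccessPolicy resource; verify them."""
    return {
        "displayName": "Block device code flow except approved kiosk accounts",
        "state": "enabled" if enforce else "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(excluded_user_ids)},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["all"],
            "authenticationFlows": {"transferMethods": "deviceCodeFlow"},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    flagged = audit_device_code_signins(SAMPLE_SIGNINS)
    for s in flagged:
        print(f"{s['createdDateTime']} {s['userPrincipalName']} via {s['appDisplayName']} from {s['ipAddress']}")
    print(summarize_by_user(flagged))
    # Placeholder object ID; substitute the real one for the meeting-room account.
    print(build_block_device_code_policy(["<object-id-of-meetingroom-4b>"]))
```

Run the audit over at least 30 days of sign-ins before enabling the policy, since kiosk and meeting-room accounts may re-authenticate rarely. Conditional Access requires an Entra ID P1 licence; tenants without it can still use the audit half and pursue the help desk and token-revocation controls instead.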

The Verizon DBIR Confirmation

The Verizon 2026 Data Breach Investigations Report, also released in May, analyzed more than 22,000 confirmed breaches across 145 countries. Credential abuse dropped to 13% of breach initial access vectors. Vulnerability exploitation took the top position at 31%. The median time for full patching increased to 43 days, up from 32. Organizations patched only 26% of critical flaws in CISA's Known Exploited Vulnerabilities catalog, down from 38% the prior year. Three independent sources — CrowdStrike, FBI, and Verizon — converged on the same structural finding: MFA protects password-based authentication, but the attacks dominating financial services increasingly bypass password theft through resets, token grants, and exploitation. (Verizon DBIR)

Qwen3.7-Max — 35 Hours of Autonomy

Alibaba's Qwen team released Qwen3.7-Max on May 21, 2026, with a reported ~35 hours of continuous autonomous execution. The marquee demo: the model was given access to an isolated server with a T-Head ZW-M890 PPU (a hardware architecture the model had never encountered during training) and asked to optimize an attention kernel. Over 35 straight hours, it executed 1,158 distinct tool calls, performed 432 kernel evaluations, diagnosed compilation failures, and iteratively improved the code to achieve a 10.0x geometric mean speedup. By comparison, z.ai's GLM-5.1 and Moonshot's Kimi K2.6 capped at 7.3x and 5.0x speedups, often voluntarily terminating their sessions when they failed to make progress. (VentureBeat)

Qwen3.7-Max Pricing and Benchmark

The model is API-only and proprietary, a notable shift from Qwen's open-source track record. API pricing on Alibaba Cloud Model Studio: $2.50 per 1M input tokens, $7.50 per 1M output tokens. That's the same input cost as GPT-5.4 but less than half the output cost. For context: Claude Opus 4.7 lists at $5/$25 per million input/output tokens, so Qwen3.7-Max is $20 cheaper per million tokens with input and output prices summed. On the Apex Math Reasoning benchmark, Qwen3.7-Max scored 44.5 versus Claude Opus 4.6 Max's 34.5 and DeepSeek V4-Pro Max's 38.3. It also posted leading scores on Humanity's Last Exam (41.4) and the realistic coding agent benchmark MCP-Atlas (76.4). (VentureBeat)

The Take

Two stories, one structural lesson. The financial-services attack surface in 2026 is the help desk, the OAuth device code flow, and the M365 token, not the password, the endpoint, or the firewall. Qwen3.7-Max's release is a parallel story: the model-orchestration layer is no longer the bottleneck, the price-performance frontier is. The implication for builders: the next two years of cybersecurity investment need to fund identity verification workflows (out-of-band callback to a number already on file before any MFA reset, phishing-resistant authenticators such as FIDO2 keys, and regular Graph API audits of sign-in protocols and Conditional Access coverage) over credential-monitoring tooling, and the next two years of AI spend need to be modeled against autonomous-agent economics, not per-token chat pricing. If you're budgeting for either, plan for the inflection.

Quick Summary

Mutant Spider bypasses MFA by calling your help desk and convincing an employee to reset it — CrowdStrike's 2026 report names it the top financial-services threat. The FBI's Kali365 warning shows the same problem as a $250/month Telegram service. Separately, Alibaba's Qwen3.7-Max runs autonomously for 35 hours and undercuts Claude Opus 4.7 by $20 per million tokens. Help desk identity verification and agentic-model economics are the new battlegrounds.
