Attackers are utilizing a newly found phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to focus on a variety of industries throughout North America and Europe, based on researchers at ANYRUN.
The phishing assaults are delivered by way of e mail and primarily try to steal Microsoft 365 credentials. Like many well-liked commodity phishing kits, Salty 2FA is designed to bypass quite a lot of multifactor authentication measures.
“With its capability to distribute phishing payloads at scale, keep dynamic infrastructure, intercept and course of most identified 2FA authentication strategies past easy credentials, and handle a posh communication mannequin between phishing pages and C2 servers, Salty 2FA stands on par with the ‘main’ kits in right now’s phishing panorama,” the researchers word.
Frequent phishing lures utilized by the equipment relate to billing statements, payroll amendments, requests for proposals, or bid invites. ANYRUN noticed the attackers utilizing the phishing equipment to focus on quite a lot of sectors throughout the US, Canada, France, Germany, Greece, Italy, Spain, Switzerland, and the UK. The assaults have additionally focused the monetary sector in Latin America and the metallurgy trade within the US and India.
The researchers consider Salty 2FA’s builders are nonetheless enhancing the platform, and organizations worldwide needs to be looking out for these phishing assaults.
“Primarily based on information from the ANYRUN Sandbox and TI, exercise resembling Salty 2FA started gaining momentum in June 2025, though it’s potential that early or ‘uncooked’ variants of the equipment, or samples much like it, had been already being deployed as early as March–April 2025,” the researchers write. “Confirmed exercise attributed to Salty 2FA has been noticed since late July 2025 and continues to this present day, producing dozens of recent public evaluation classes within the Sandbox day-after-day.”
AI-powered safety consciousness coaching can provide your group a necessary layer of protection towards social engineering assaults. KnowBe4 empowers your workforce to make smarter safety choices day-after-day. Over 70,000 organizations worldwide belief the KnowBe4 HRM+ platform to strengthen their safety tradition and scale back human threat.
ANYRUN has the story.
