"Phishing-as-a-Service (PhaaS) platforms keep evolving, giving attackers faster and cheaper ways to break into corporate accounts. Now, researchers at ANY.RUN has uncovered a new entrant: Salty2FA, a phishing kit designed to bypass multiple two-factor authentication methods and slip past traditional defenses. Already spotted in campaigns across the US and EU, Salty2FA puts enterprises at risk by targeting industries from finance to energy."
"Who is Being Targeted? ANY.RUN analysts mapped Salty2FA campaigns and found activity spanning multiple regions and industries, with the US and EU enterprises most heavily hit. United StatesFinance, healthcare, government, logistics, energy, IT consulting, education, construction Europe (UK, Germany, Spain, Italy, Greece, Switzerland)Telecom, chemicals, energy (including solar), industrial manufacturing, real estate, consulting Worldwide / OtherLogistics, IT, metallurgy (India, Canada, France, LATAM)"
Salty2FA is a multi-stage phishing kit that bypasses push, SMS, and voice-based two-factor authentication to intercept credentials and 2FA codes. The framework uses evasive infrastructure and a staged execution chain to slip past traditional defenses and escalate phishing emails into account takeovers. Activity spans the United States, multiple European countries, and other regions, targeting finance, energy, telecom, healthcare, government, logistics, manufacturing, and consulting sectors. Activity began gaining momentum in June 2025 with possible traces in March–April; confirmed campaigns have been active since late July and continue to generate dozens of analysis sessions daily.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]