Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks


What’s new

Recent phishing campaigns have seen a significant rise in the abuse of Axios, an HTTP client tool, alongside Microsoft 365’s Direct Send feature. This combination has led to a 241% increase in Axios user agent activity from June to August 2025, with attackers achieving a 70% success rate in bypassing security measures. The campaigns target various sectors, initially focusing on executives before expanding to all users. Additionally, a new phishing-as-a-service offering called Salty 2FA has emerged, enabling attackers to simulate multiple MFA methods to steal Microsoft login credentials.

Who’s affected

Organizations utilizing Microsoft 365, particularly in finance, healthcare, and manufacturing sectors, are at risk. Employees across all levels may be targeted by these phishing campaigns, which leverage trusted delivery methods to bypass security defenses.

What to do

  • Secure Microsoft 365 Direct Send and disable it if not required.
  • Implement anti-spoofing policies on email gateways.
  • Train employees to recognize phishing emails and suspicious links.
  • Block known malicious domains and monitor for unusual Axios activity.
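
One way to act on the "monitor for unusual Axios activity" item, as an added example that is not from the original article: a Python pass over exported sign-in records that flags the default Axios user agent (`axios/<version>`) and ranks the affected accounts. The JSON-lines export format, the field names (taken from the Microsoft Graph signIn resource) and every sample value are assumptions constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Axios running under Node.js sends "axios/<version>" as its default User-Agent.
AXIOS_UA = re.compile(r"^axios/\d", re.IGNORECASE)

# Constructed sample records (JSON lines). Field names follow the Microsoft
# Graph signIn resource; all values are invented for this example.
SAMPLE_LOG = """\
{"createdDateTime":"2025-08-04T09:12:01Z","userPrincipalName":"cfo@example.com","ipAddress":"203.0.113.10","userAgent":"axios/1.7.2","status":{"errorCode":50126}}
{"createdDateTime":"2025-08-04T09:12:40Z","userPrincipalName":"cfo@example.com","ipAddress":"203.0.113.10","userAgent":"axios/1.7.2","status":{"errorCode":0}}
{"createdDateTime":"2025-08-04T09:15:03Z","userPrincipalName":"nurse@example.com","ipAddress":"198.51.100.7","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64)","status":{"errorCode":0}}
{"createdDateTime":"2025-08-04T09:20:11Z","userPrincipalName":"ops@example.com","ipAddress":"203.0.113.44","userAgent":"axios/0.21.4","status":{"errorCode":50126}}
not-json garbage line
"""

def summarize_axios_signins(lines):
    """Group sign-ins whose User-Agent is Axios by account."""
    hits = defaultdict(lambda: {"attempts": 0, "successes": 0, "ips": set(), "versions": set()})
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed or empty export lines instead of aborting
        if not isinstance(rec, dict):
            continue
        ua = rec.get("userAgent") or ""
        if not AXIOS_UA.match(ua):
            continue
        entry = hits[rec.get("userPrincipalName") or "<unknown>"]
        entry["attempts"] += 1
        entry["ips"].add(rec.get("ipAddress"))
        entry["versions"].add(ua)
        if (rec.get("status") or {}).get("errorCode") == 0:  # 0 means the sign-in succeeded
            entry["successes"] += 1
    return dict(hits)

def triage(summary):
    """Order accounts for review: successful Axios sign-ins first, then by volume."""
    return sorted(summary, key=lambda u: (-summary[u]["successes"], -summary[u]["attempts"], u))

if __name__ == "__main__":
    summary = summarize_axios_signins(SAMPLE_LOG.splitlines())
    for user in triage(summary):
        s = summary[user]
        print(user, s["attempts"], s["successes"], sorted(s["ips"]))
```

Legitimate internal automation can also send this user agent, so baseline known service accounts before alerting on every hit.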
