New Phishing Kit Bypasses MFA to Steal Microsoft 365 Credentials

KnowBe4 Team | Aug 28, 2025

Attackers are using a newly discovered phishing-as-a-service (PhaaS) platform dubbed “Salty 2FA” to target a wide range of industries across North America and Europe, according to researchers at ANYRUN.

The phishing attacks are delivered via email and primarily attempt to steal Microsoft 365 credentials. Like many popular commodity phishing kits, Salty 2FA is designed to bypass a variety of multifactor authentication measures.

“With its ability to distribute phishing payloads at scale, maintain dynamic infrastructure, intercept and process most known 2FA authentication methods beyond simple credentials, and manage a complex communication model between phishing pages and C2 servers, Salty 2FA stands on par with the ‘major’ kits in today’s phishing landscape,” the researchers note.

Common phishing lures used by the kit relate to billing statements, payroll amendments, requests for proposals, or bid invitations. ANYRUN observed the attackers using the phishing kit to target a variety of sectors across the US, Canada, France, Germany, Greece, Italy, Spain, Switzerland, and the United Kingdom. The attacks have also targeted the financial sector in Latin America and the metallurgy industry in the US and India. 

The researchers believe Salty 2FA’s developers are still improving the platform, and organizations worldwide should be on the lookout for these phishing attacks.

“Based on data from the ANYRUN Sandbox and TI, activity resembling Salty 2FA began gaining momentum in June 2025, although it is possible that early or ‘raw’ variants of the kit, or samples similar to it, were already being deployed as early as March–April 2025,” the researchers write. “Confirmed activity attributed to Salty 2FA has been observed since late July 2025 and continues to this day, generating dozens of new public analysis sessions in the Sandbox every day.”

AI-powered security awareness training can give your organization an essential layer of defense against social engineering attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 HRM+ platform to strengthen their security culture and reduce human risk.

ANYRUN has the story.

Find out if your organization's MFA solution can be hacked by cybercriminals now!

Did you know that all MFA mechanisms can be hacked, and in some cases it's as simple as sending a phishing email? That's why it's important to know the exact security risks your MFA solution has and how your users' accounts may be compromised.

Here's how MASA works:

  • You will receive a custom link to take your assessment
  • Answer a series of technology questions relevant to your MFA solution
  • Get an instant high-level snapshot of potential risks with your MFA
  • Receive your in-depth report packed with actionable insight and detailed analysis on specific MFA attacks and tips for your top defenses 

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/multi-factor-authentication-security-assessment
