🎣 #Salty2FA relies on encrypted HTTPS communication for fake login pages, redirect flows, and data exfiltration. That’s why it often looks harmless at first glance, delaying confirmation and increasing the risk of credential compromise.

The full phishing flow becomes visible when HTTPS traffic is automatically decrypted in #ANYRUN Sandbox: https://app.any.run/tasks/73fb8a10-2721-4da4-9f9b-a340a6eac370?utm_source=mastodon&utm_medium=post&utm_campaign=salty_ssl_decryption&utm_term=120326&utm_content=linktoservice

👨‍💻 Learn how #ANYRUN improves phishing detection for SOC teams: https://any.run/cybersecurity-blog/automatic-ssl-decryption/?utm_source=mastodon&utm_medium=post&utm_campaign=salty_ssl_decryption&utm_term=120326&utm_content=linktoblog

#cybersecurity #infosec

❓How should SOC teams respond to the Salty2FA–Tycoon2FA hybrid?
⚠️ When activity from one #phishing kit suddenly drops, defenders should be ready for a surge in the other, likely controlled by the same operators.

How to stay ahead:
✅ Treat #Salty2FA and #Tycoon2FA as one threat cluster
✅ Build hunting hypotheses that account for fallback payloads
✅ Rely more on behavior than static IOCs
✅ Update IR playbooks for mixed execution chains

👨‍💻 Sandbox analysis gives you fast clarity on complex threats. See execution of a hybrid payload: https://app.any.run/tasks/ccf7d689-7926-495d-b37f-d509536ff42b/?utm_source=mastodon&utm_medium=post&utm_campaign=salty_tycoon_soc&utm_term=111225&utm_content=linktoservice

Read the full breakdown of this cross-kit evolution to learn how to adapt detection and threat hunting: https://any.run/cybersecurity-blog/salty2fa-tycoon2fa-hybrid-phishing-2025/?utm_source=mastodon&utm_medium=post&utm_campaign=salty_tycoon_soc&utm_term=111225&utm_content=linktoblog

#cybersecurity #infosec

🚨 A new PhaaS “chimera” is making phishing attribution harder. #Salty2FA and #Tycoon2FA, once separate phishing kits, now appear inside the same campaigns and even the same payloads.

👾 See analysis of a hybrid payload: https://app.any.run/tasks/ccf7d689-7926-495d-b37f-d509536ff42b/?utm_source=mastodon&utm_medium=post&utm_campaign=salty_tycoon&utm_term=031225&utm_content=linktoservice

➡️ Read the full breakdown of this cross-kit evolution to learn how to adapt detection and threat hunting: https://any.run/cybersecurity-blog/salty2fa-tycoon2fa-hybrid-phishing-2025/?utm_source=mastodon&utm_medium=post&utm_campaign=salty_tycoon&utm_content=linktoblog&utm_term=031225

#cybersecurity #infosec

🚨 New threat alert: #Salty2FA & #Tycoon2FA are now targeting enterprises in a joint #phishing operation.

We've found a hybrid #PhaaS that steals corporate logins at scale.

Get all the details and actionable IOCs to not miss the attack ⬇️
https://any.run/cybersecurity-blog/salty2fa-tycoon2fa-hybrid-phishing-2025/?utm_source=mastodon&utm_medium=post&utm_campaign=salty2fa_tycoon2fa&utm_content=linktoblog&utm_term=021225

#cybersecurity #infosec

Salty2FA & Tycoon2FA: Hybrid Phishing Threat 

A Salty2FA–Tycoon2FA hybrid is hitting inboxes worldwide. See how it formed, why attribution is breaking, and the updates SOC teams need now.

ANY.RUN's Cybersecurity Blog

👾 #Salty2FA is a #PhaaS that hijacks sessions and steals Microsoft 365 credentials, bypassing six MFA types.

⚠️ It uses Cloudflare Turnstile, heavy obfuscation and real-time credential validation to evade detection.

See analysis & gather #IOCs: https://any.run/malware-trends/salty2fa/?utm_source=mastodon&utm_medium=post&utm_campaign=salty2fa_card&utm_term=231025&utm_content=linktomttt

#Cybersecurity #infosec

🚨 #Salty2FA is a #PhaaS bypassing SMS, push notifications, and OTP-based MFA to steal Microsoft 365 credentials.
It targets the finance, energy, logistics and telecom sectors.

👾 Learn how to detect & stop it before it’s too late: https://any.run/malware-trends/salty2fa/?utm_source=mastodon&utm_medium=post&utm_campaign=salty2fa&utm_term=061025&utm_content=linktomttt

#Cybersecurity #infosec

Salty2FA phishing kit = enterprise-level threat.
🔄 Rotating subdomains per victim
🛡️ Cloudflare Turnstile anti-analysis
🔑 MFA simulation (SMS, push, tokens, codes)
🎨 Dynamic branding that mirrors corporate portals
Phishing is blurring the line between legit & malicious.

Follow @technadu for continuous threat intel.

#Salty2FA #PhishingAsAService #Evasion #CloudflareAbuse #CyberThreat

Watch out: The new #Salty2FA phishing kit bypasses MFA and clones real brand login pages, making fake sites look convincing and harder to detect.

Read: https://hackread.com/salty2fa-phishing-kit-bypasses-mfa-clone-login-pages/

#CyberSecurity #Phishing #Scam #CyberCrime #PhishingKit

New Salty2FA Phishing Kit Bypasses MFA and Clones Login Pages


🚨 #Salty2FA is a new #phishkit linked to #Storm1575.
Active since June, it bypasses 2FA to gain access beyond stolen creds. Using a unique domain pattern and multi-stage chain, it targets finance, energy, telecom and more.

Read analysis: https://any.run/cybersecurity-blog/salty2fa-technical-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=salty2fa_analysis&utm_term=050925&utm_content=linktoblog

#cybersecurity #infosec

🚨 #Salty2FA is a new #phishkit from #Storm1575 that has been evading detection since June

🎯 Targets finance, energy, and telecom companies in the US & EU
🪝 Steals creds and bypasses multiple 2FA methods

Read analysis of its attack chain 👇
https://any.run/cybersecurity-blog/salty2fa-technical-analysis/?utm_source=mastodon&utm_medium=post&utm_campaign=salty2fa_analysis&utm_term=190825&utm_content=linktoblog

#cybersecurity #infosec

Salty 2FA: Undetected PhaaS from Storm-1575 Hitting US and EU Industries - ANY.RUN's Cybersecurity Blog

Dive deeper into malware analysis of a PhaaS framework discovered by ANY.RUN's experts: Salty2FA, targeting industries in the USA and EU.
