Major August 2025 Cyber Attacks: 7-Stage Tycoon2FA Phishing, New ClickFix Campaign, and Salty2FA

In August 2025, significant cyber attacks emerged, including a 7-stage Tycoon2FA phishing campaign targeting government, military, and financial institutions across the US, UK, Canada, and Europe. The attack uses multiple verification steps to evade security systems. A new ClickFix campaign delivered the Rhadamanthys Stealer using PNG steganography, indicating increased sophistication in payload delivery. Salty2FA, a new Phishing-as-a-Service framework attributed to Storm-1575, was discovered targeting Microsoft 365 accounts globally, capable of bypassing various 2FA methods. These attacks demonstrate the evolution of phishing kits and stealers, emphasizing the need for behavioral analysis and real-time threat intelligence in cybersecurity defenses.

Author: AlienVault

Related Tags:
tycoon2fa

T1027.003

clickfix

Rhadamanthys Stealer

T1497.001

T1218.007

T1557

Canada

T1071.001

Associated Indicators: