Major August 2025 Cyber Attacks: 7-Stage Tycoon2FA Phishing, New ClickFix Campaign, and Salty2FA
Aug. 26, 2025, 7:09 p.m.
Description
In August 2025, significant cyber attacks emerged, including a 7-stage Tycoon2FA phishing campaign targeting government, military, and financial institutions across the US, UK, Canada, and Europe. The attack uses multiple verification steps to evade security systems. A new ClickFix campaign delivered the Rhadamanthys Stealer using PNG steganography, indicating increased sophistication in payload delivery. Salty2FA, a new Phishing-as-a-Service framework attributed to Storm-1575, was discovered targeting Microsoft 365 accounts globally, capable of bypassing various 2FA methods. These attacks demonstrate the evolution of phishing kits and stealers, emphasizing the need for behavioral analysis and real-time threat intelligence in cybersecurity defenses.
Tags
Date
- Created: Aug. 26, 2025, 4:14 p.m.
- Published: Aug. 26, 2025, 4:14 p.m.
- Modified: Aug. 26, 2025, 7:09 p.m.
Indicators
- 51.89.33.171
- 142.250.186.161
- 194.87.29.253
- 191.96.207.129
- 153.127.234.4
- 153.127.234.5
- https://telephony.nexttradeitaly.com/SSSuWBTmYwu/
- https://marketplace24ei.ru/790628.php
- https://marketplace24ei.ru//
- https://curie77.fr/?download=1&kccpid=2339&kcccount=https://kkvl.legends.com.de/be2N0
- https://microsofstlive.fare.com.de/JmJfd
- fbetlixgee.eu
- curie77.fr
- telephony.nexttradeitaly.com
- zerontwoposh.live
- yurikamome.com
- wetotal.net
- vnositel-bg.com
- temopix.com
- spaijo.es
- pyfao.es
- marketplace24ei.ru
- loanauto.cloud
- innovationsteams.com
- flaxergaurds.com
- dvlhpbxlmmi.es
- culturabva.es
Additional Informations
- Healthcare
- Energy
- Defense
- Education
- Finance
- Telecommunications
- Government
- Manufacturing
- Canada
- United Kingdom of Great Britain and Northern Ireland
- United States of America