Axios Abuse Powers M365 Phishing Campaigns

Axios in Phishing Attacks

Threat actors are exploiting Axios, an HTTP client, for phishing, and its use has recently surged by 241%. It supports attacks on Microsoft 365, for example, giving attackers an efficient pipeline.

Attackers also misuse Microsoft's Direct Send feature to spoof trusted email senders. As a result, the messages bypass security gateways and land in user inboxes.

High Success Rates

Axios combined with Direct Send achieves a 70% success rate, outperforming other methods. The campaign, which started in July 2025, targets finance and healthcare executives.

Attackers use Axios to intercept HTTP requests and capture session tokens and MFA codes. For instance, it replays requests to steal access, which automates the attackers' workflow.

QR Code Lures

The emails use compensation themes and include PDFs with malicious QR codes. Scanning a code leads to a fake login page that mimics Outlook.

The fake pages are hosted on Google Firebase, which leverages the platform's reputation. The attackers blend in with legitimate traffic and therefore evade detection.

Salty 2FA Phishing Kit

A new kit, Salty 2FA, steals credentials. It simulates six MFA methods, for example faking SMS and push notifications, which lets it bypass those protections.

Salty 2FA uses geofencing and IP filtering, and it blocks security vendors. It also disables browser tools, which complicates analysis.

Dynamic Branding

The kit customizes login pages to match the victim's email domain. This strengthens the social engineering and makes the attacks more convincing.

Phishing also hits hotel professionals by impersonating booking platforms. For instance, fake confirmations prompt the recipient to act, and their credentials are stolen.

These attacks are maturing into enterprise-style operations. They exploit trusted platforms and mimic corporate portals, which blurs the line between malicious and legitimate traffic.

Preventing Axios and Salty Attacks

To stop these attacks, secure the Direct Send feature and disable it if it is unused. Train staff to recognize phishing, and apply anti-spoofing policies. Real-time threat monitoring blocks suspicious domains. By staying proactive, organizations can protect M365 accounts.
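
One way to put the monitoring advice above into practice, as an added example that is not from the original article: scan sign-in records for the default Axios User-Agent (`axios/<version>`) and rank the hits. The record layout, field names and sample events are constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Axios under Node.js sends "axios/<version>" as its default User-Agent.
AXIOS_UA = re.compile(r"^axios/\d+(\.\d+)*", re.IGNORECASE)

# Constructed sample records. Field names are simplified assumptions, and the
# addresses come from documentation ranges.
SAMPLE_LOG = """\
{"user": "cfo@example.com", "ip": "203.0.113.7", "userAgent": "axios/1.7.9", "success": false}
{"user": "cfo@example.com", "ip": "203.0.113.7", "userAgent": "axios/1.7.9", "success": true}
{"user": "hr@example.com", "ip": "203.0.113.7", "userAgent": "axios/1.7.9", "success": false}
{"user": "it@example.com", "ip": "198.51.100.20", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "success": true}
not-json
{"user": "dev@example.com", "ip": "198.51.100.44", "userAgent": "axios/0.27.2", "success": false}
"""


def find_axios_signins(log_text, min_users_per_ip=2):
    """Return one alert per sign-in event that carries an Axios User-Agent."""
    hits = []
    users_by_ip = defaultdict(set)
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(event, dict):
            continue  # valid JSON, but not a sign-in record
        if AXIOS_UA.match(event.get("userAgent") or ""):
            hits.append(event)
            users_by_ip[event.get("ip")].add(event.get("user"))

    alerts = []
    for event in hits:
        if event.get("success"):
            severity = "high"    # scripted client completed a sign-in
        elif len(users_by_ip[event.get("ip")]) >= min_users_per_ip:
            severity = "medium"  # one source trying several accounts
        else:
            severity = "low"     # isolated failure, may be benign automation
        alerts.append({"user": event.get("user"), "ip": event.get("ip"),
                       "severity": severity})
    return alerts


if __name__ == "__main__":
    for alert in find_axios_signins(SAMPLE_LOG):
        print(alert)
```

A custom User-Agent defeats this check and legitimate automation can also use Axios, so treat the hits as triage leads and correlate them with other sign-in signals.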
