
Axios Abuse and Salty 2FA Kits Fuel Advanced Microsoft 365 Phishing Attacks

by Jamal Richaqrds

In the ever-evolving landscape of cybersecurity threats, a recent report from ReliaQuest has shed light on a concerning trend: threat actors leveraging popular HTTP client tools like Axios in tandem with Microsoft’s Direct Send feature to orchestrate sophisticated phishing attacks within Microsoft 365 environments. This alarming development underscores the importance of remaining vigilant and continually fortifying defenses against evolving attack vectors.

According to the findings from ReliaQuest, the abuse of Axios in conjunction with Microsoft’s Direct Send feature has enabled threat actors to establish a highly efficient attack pipeline, allowing them to bypass traditional security measures and infiltrate Microsoft 365 environments with greater ease. The rapid surge in Axios user agent activity, which saw a staggering 241% increase from June to August 2025, far outpaced the growth of all other flagged user agents combined, signaling a significant shift in tactics employed by malicious actors.
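The user-agent signal described above is something a defender can look for in sign-in telemetry. The following is an added example, not code from ReliaQuest or the original article: it triages constructed sign-in records for the default Axios User-Agent string, and the record field names and the function name `triage_axios_signins` are assumptions.

```python
import json
import re
from collections import defaultdict

# Axios sends "axios/<version>" as its default User-Agent when run from Node.js.
AXIOS_UA = re.compile(r"^axios/\d+(\.\d+)*", re.IGNORECASE)

# Constructed sample records (JSON lines). Field names are assumptions for this
# example; map them to the columns of your own sign-in log export.
SAMPLE_LOG = """\
{"time":"2025-08-04T09:12:01Z","user":"a.lee@example.com","ip":"203.0.113.10","userAgent":"axios/1.7.9","errorCode":50126}
{"time":"2025-08-04T09:12:40Z","user":"a.lee@example.com","ip":"198.51.100.7","userAgent":"axios/1.7.9","errorCode":0}
{"time":"2025-08-04T09:13:02Z","user":"b.kim@example.com","ip":"192.0.2.44","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64)","errorCode":0}
{"time":"2025-08-04T09:15:10Z","user":"c.roy@example.com","ip":"203.0.113.10","userAgent":"axios/1.8.2","errorCode":50126}
{"time":"2025-08-04T09:15:55Z","user":"c.roy@example.com","ip":"203.0.113.10","userAgent":"axios/1.8.2","errorCode":50126}
not-json line
{"time":"2025-08-04T09:16:30Z","user":"d.ng@example.com","ip":"192.0.2.80","userAgent":null,"errorCode":0}
"""

def triage_axios_signins(lines):
    """Group sign-ins made with an Axios User-Agent by account."""
    per_user = defaultdict(lambda: {"attempts": 0, "ips": set(), "succeeded": False})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the triage
        if not AXIOS_UA.match(rec.get("userAgent") or ""):
            continue  # missing or non-Axios user agent
        entry = per_user[rec.get("user", "unknown")]
        entry["attempts"] += 1
        entry["ips"].add(rec.get("ip"))
        if rec.get("errorCode") == 0:  # assumption: 0 marks a successful sign-in
            entry["succeeded"] = True
    # Accounts with a successful Axios sign-in first, then by attempt count.
    return sorted(per_user.items(), key=lambda kv: (not kv[1]["succeeded"], -kv[1]["attempts"]))

if __name__ == "__main__":
    for user, info in triage_axios_signins(SAMPLE_LOG.splitlines()):
        print(user, info["attempts"], sorted(info["ips"]), "SUCCESS" if info["succeeded"] else "failed only")
```

Axios is also used by legitimate applications and its User-Agent header can be changed, so a match is a lead for review and the absence of matches does not rule out this activity.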

The prevalence of Axios abuse in recent phishing campaigns highlights the need for organizations to reassess their security posture and implement additional layers of protection to defend against such advanced threats. One particularly insidious aspect of these attacks is the utilization of Salty 2FA kits, which are designed to circumvent two-factor authentication (2FA) mechanisms commonly used to enhance security within Microsoft 365 environments.

By leveraging Axios and Salty 2FA kits in tandem, threat actors can craft convincing phishing emails that mimic legitimate communications, luring unsuspecting users into divulging sensitive information or unwittingly granting access to their accounts. This blend of technical sophistication and social engineering tactics poses a significant challenge for defenders, requiring a multifaceted approach to cybersecurity that encompasses both technological solutions and user awareness training.

In response to these emerging threats, organizations utilizing Microsoft 365 must prioritize the implementation of robust security measures to mitigate the risk of falling victim to advanced phishing attacks. This includes configuring email security settings to block suspicious domains and employing advanced threat protection solutions that can detect and neutralize phishing attempts in real time.

Additionally, user education and awareness play a crucial role in defending against phishing attacks, as employees are often the first line of defense against social engineering tactics employed by threat actors. Regular training sessions on identifying phishing attempts, coupled with simulated phishing exercises, can help reinforce a culture of security within organizations and empower users to recognize and report suspicious activities.

As the cybersecurity landscape continues to evolve, staying informed about emerging threats and adopting a proactive approach to defense are essential for safeguarding sensitive data and preserving the integrity of digital environments. By remaining vigilant, implementing best practices, and leveraging advanced security solutions, organizations can effectively defend against the growing sophistication of phishing attacks targeting Microsoft 365 and other platforms.

In conclusion, the abuse of Axios and Salty 2FA kits in advanced phishing attacks targeting Microsoft 365 underscores the need for organizations to enhance their cybersecurity defenses and prioritize security measures that can effectively mitigate these evolving threats. By staying ahead of emerging attack vectors and fostering a culture of security awareness, businesses can better protect themselves against malicious actors seeking to exploit vulnerabilities for nefarious purposes.
