"Tycoon 2FA, a Phishing-as-a-Service (PhaaS) platform, enabled thousands of cybercriminals to steal login credentials and session tokens. Even accounts secured with MFA could be compromised via a single email. The service had been active since at least 2023 and quickly grew to become one of the most widely used phishing platforms in the world."
"Based on a court order from the U.S. District Court for the Southern District of New York, Microsoft seized 330 domains. It was the first time this had been done in collaboration with Europol's Cyber Intelligence Extension Programme (CIEP). Authorities in Latvia, Lithuania, Portugal, Poland, Spain, and the United Kingdom carried out additional operational measures."
"By mid-2025, Tycoon 2FA was responsible for approximately 62 percent of all phishing attempts blocked by Microsoft, the company concludes. Only by combining data from various authorities and companies was it possible to attack Tycoon 2FA in this way."
Tycoon 2FA, a phishing-as-a-service platform active since at least 2023, enabled thousands of cybercriminals to steal login credentials and session tokens from over 500,000 organizations monthly. The service compromised even MFA-protected accounts through fraudulent emails. Microsoft, collaborating with Europol and international partners from Latvia, Lithuania, Portugal, Poland, Spain, and the United Kingdom, seized 330 domains via US court order. By mid-2025, Tycoon 2FA accounted for approximately 62 percent of all phishing attempts blocked by Microsoft. The coordinated disruption involved multiple cybersecurity companies including Trend Micro, Proofpoint, Cloudflare, and Intel471. This represented the first collaboration between Microsoft and Europol's Cyber Intelligence Extension Programme.
#phishing-as-a-service #cybercrime-disruption #multi-factor-authentication-bypass #international-law-enforcement #domain-seizure
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]