
"This was not a single phishing campaign. It was an industrialised service built to make MFA bypass accessible to thousands of criminals. Identity is now the primary attack surface. When session hijacking can be packaged and sold as a subscription, the risk shifts from isolated incidents to systemic exposure."
"The service was notable for its scale and accessibility, with a ready-to-use toolkit providing buyers with fake login pages, proxy layers and basic campaign tooling, with more recent updates adding evasion features to hinder analysis and response. At the point of the takedown this week, it had about 2,000 active subscribers, each paying approximately $120 for a 10-day licence."
Tycoon2FA, an underground phishing service active since summer 2023, has been shut down through a Europol-led operation supported by Cloudflare, Microsoft, Proofpoint, and Trend Micro. The service provided subscribers with ready-to-use toolkits including fake login pages, proxy layers, and campaign tools to bypass multifactor authentication. Sold on a subscription model at approximately $120 per 10-day license, it had roughly 2,000 active subscribers at takedown. The service leveraged over 24,000 domains, primarily targeting Microsoft 365 and Google services, with victims concentrated in the US (52%), UK (8%), Germany (5%), and Canada (4%). Recent updates included evasion features to hinder analysis and response.
#phishing-service-takedown #multifactor-authentication-bypass #cybercrime-infrastructure #session-hijacking #identity-theft
Read at ComputerWeekly.com